8. Changelog#
This changelog documents all notable changes to the Keycloak app. Keep a Changelog is the format and this project adheres to Semantic Versioning.
Please also consider the upstream release notes.
8.1. 21.1.1-ucs1#
Released: 5. July 2023
The app updates to Keycloak version 21.1.1 of the upstream Docker image from https://quay.io/repository/keycloak/keycloak.
The app now configures Kerberos ticket authentication through the browser. For more information, see see Activating Kerberos authentication.
8.2. 21.0.1-ucs4#
Released: 28. June 2023
A Base64 NameID mapper has been added, to make the migration of the Microsoft365 connector to Keycloak possible.
8.3. 21.0.1-ucs3#
Released: 31. May 2023
The UCR variable
keycloak/apache/config
replaces the variableucs/server/sso/virtualhost
. In case you setucs/server/sso/virtualhost
tofalse
to turn off the UCS web server configuration for Keycloak, setkeycloak/apache/config
totrue
before the update.The app can use a different URL path for the single sign-on endpoint. For more information about the configuration, see Single sign-on through external public domain name.
8.4. 21.0.1-ucs2#
Released: 28. April 2023
The Keycloak app can use an external fully qualified domain name. For more information about the configuration, see Single sign-on through external public domain name.
8.5. 21.0.1-ucs1#
Released: 19. April 2023
From this version on the Keycloak app requires a CPU that supports the micro architecture level
x86-64-v2
. For more information, see Univention Help 21420.The app updates Keycloak to version 21.0.1 of the upstream Docker image from keycloak / keycloak - Quay. See release notes for Keycloak 21.0.0 for more details.
Accessing the
userinfo
endpoint now requires inclusion ofopenid
in the list of requested scopes. For background information, see this upstream issue.
8.6. 19.0.2-ucs2#
Released: 23. March 2023
This release of the Keycloak app includes extensions for
Univention LDAP mapper
Univention Password reset
Univention Self service
Keycloak now checks the password expiry during the sign-in and presents a password change dialog if the password has expired.
The app now offers a setting to deny the sign-in for unverified, self registered user accounts. For more information, see use cases.
8.7. 19.0.1-ucs3#
Released: 14. October 2022
This release of the Keycloak app includes an extended version of the command line program univention-keycloak. Use it to directly create Keycloak Client configurations for SAML Service Providers and OpenID Connect Relying Parties.
8.8. 19.0.1-ucs2#
Released: 9. September 2022
This release of the Keycloak app includes an SPI extension for so called ad-hoc federation. See the documentation for details.
Administrators can install the app Keycloak on UCS 5.0-x UCS Primary Directory Nodes. For more information, see Installation on UCS.
8.9. 19.0.1-ucs1#
Released: 7. September 2022
The app now offers univention-keycloak, a command line program to configure SAML SP and OIDC Provider clients in Keycloak directly.
univention-keycloak simplifies the integration of client apps with Keycloak and the downloads of signing certificates for example as PEM file (see option groups
saml/idp/cert
oroidc/op/cert
).univention-keycloak supports the setup of a 2FA authentication flow for the members of a specific LDAP group. The second factor is a time-based one-time password (TOTP) in this case.
The app updates to Keycloak version 19.0.1 of the upstream Docker image from https://quay.io/repository/keycloak/keycloak.
Administrators can install the app Keycloak on UCS 5.0-x UCS Primary Directory Nodes. For more information, see Installation on UCS.
8.10. 18.0.0-ucs1#
Released: 28. June 2022
Initial release of the app.
Administrators can install the Keycloak app on UCS 5.0-x Primary Directory Nodes.
The app uses the upstream Docker image from https://quay.io/repository/keycloak/keycloak.