8. Changelog

This changelog documents all notable changes to the Keycloak app. Keep a Changelog is the format and this project adheres to Semantic Versioning.

Please also consider the upstream release notes.

8.1. 21.1.2-ucs2

Released: 18. August 2023

• The app can now be configured to restrict access to certain apps using group memberships. For more information about the configuration of this feature, see Restrict access to applications.

• If the Keycloak hostname is accessed using http, you are now directly redirected to https

• Due to longer replication times during password updates, it could happen that after a successful password update during the Keycloak login an error was shown. This has been fixed.

8.2. 21.1.2-ucs1

Released: 19. July 2023

• The app updates to Keycloak version 21.1.2 of the upstream Docker image from https://quay.io/repository/keycloak/keycloak.

8.3. 21.1.1-ucs1

Released: 5. July 2023

• The app updates to Keycloak version 21.1.1 of the upstream Docker image from https://quay.io/repository/keycloak/keycloak. See release notes for Keycloak 21.1.0 for more details.

• The app now configures Kerberos ticket authentication through the web browser. For more information, see Activating Kerberos authentication.

8.4. 21.0.1-ucs4

Released: 28. June 2023

• A Base64 NameID mapper has been added, to make the migration of the Microsoft365 connector to Keycloak possible.

8.5. 21.0.1-ucs3

Released: 31. May 2023

• The UCR variable keycloak/apache/config replaces the variable ucs/server/sso/virtualhost. In case you set ucs/server/sso/virtualhost to false to turn off the UCS web server configuration for Keycloak, set keycloak/apache/config to true before the update.

• The app can use a different URL path for the single sign-on endpoint. For more information about the configuration, see Single sign-on through external public domain name.

8.6. 21.0.1-ucs2

Released: 28. April 2023

• The Keycloak app can use an external fully qualified domain name. For more information about the configuration, see Single sign-on through external public domain name.

8.7. 21.0.1-ucs1

Released: 19. April 2023

• From this version on the Keycloak app requires a CPU that supports the micro architecture level x86-64-v2. For more information, see Univention Help 21420.

• The app updates Keycloak to version 21.0.1 of the upstream Docker image from keycloak / keycloak - Quay. See release notes for Keycloak 21.0.0 for more details.

• Accessing the userinfo endpoint now requires inclusion of openid in the list of requested scopes. For background information, see this upstream issue.

8.8. 19.0.2-ucs2

Released: 23. March 2023

• This release of the Keycloak app includes extensions for

  1. Univention LDAP mapper

  2. Univention Password reset

  3. Univention Self service

• Keycloak now checks the password expiry during the sign-in and presents a password change dialog if the password has expired.

• The app now offers a setting to deny the sign-in for unverified, self registered user accounts. For more information, see use cases.

8.9. 19.0.1-ucs3

Released: 14. October 2022

• This release of the Keycloak app includes an extended version of the command line program univention-keycloak. Use it to directly create Keycloak Client configurations for SAML Service Providers and OpenID Connect Relying Parties.

8.10. 19.0.1-ucs2

Released: 9. September 2022

• This release of the Keycloak app includes an SPI extension for so called ad-hoc federation. See the documentation for details.

• Administrators can install the app Keycloak on UCS 5.0-x UCS Primary Directory Nodes. For more information, see Installation on UCS.

8.11. 19.0.1-ucs1

Released: 7. September 2022

• The app now offers univention-keycloak, a command line program to configure SAML SP and OIDC Provider clients in Keycloak directly.

  univention-keycloak simplifies the integration of client apps with Keycloak and the downloads of signing certificates for example as PEM file (see option groups saml/idp/cert or oidc/op/cert).

• univention-keycloak supports the setup of a 2FA authentication flow for the members of a specific LDAP group. The second factor is a time-based one-time password (TOTP) in this case.

• The app updates to Keycloak version 19.0.1 of the upstream Docker image from https://quay.io/repository/keycloak/keycloak.

• Administrators can install the app Keycloak on UCS 5.0-x UCS Primary Directory Nodes. For more information, see Installation on UCS.

8.12. 18.0.0-ucs1

Released: 28. June 2022

• Initial release of the app.

• Administrators can install the Keycloak app on UCS 5.0-x Primary Directory Nodes.

• The app uses the upstream Docker image from https://quay.io/repository/keycloak/keycloak.