Changelog

This changelog documents all notable changes to the Keycloak app. The format follows Keep a Changelog, and this project adheres to Semantic Versioning.

Please also consider the upstream release notes.

Released: TODO

  • The app updates to Keycloak version 23.0.7 of the upstream Docker image from https://quay.io/repository/keycloak/keycloak.

  • The ad hoc federation feature has been removed from the app due to incompatibility with the new Keycloak version. If you used this feature in production, do not upgrade and contact Univention support.

22.0.3-ucs2

Released: 20. December 2023

  • Using an Oracle DB backend for Keycloak is no longer possible. The Oracle DB drivers that were provided by Keycloak have been removed. If you are currently using an Oracle DB as a backend for Keycloak, a migration according to ref:app-database-custom is necessary to continue using this app.

  • The container of the Keycloak app has been changed from the upstream Red Hat ubi-micro-build to the ucs-base-image, which is based on Debian.

  • The Keycloak app added support for PostgreSQL 15 databases.

  • The error messages shown during login using Keycloak have been adapted to show more detailed information in case an account is locked, expired or disabled.

22.0.3-ucs1

Released: 27. September 2023

  • The app setting keycloak/theme has been removed. The UCS theme, controlled by the UCR variable ucs/web/theme, is now used.

  • The Keycloak app supports configurable links below the login dialog on the login page.

  • When opening the login page provided by Keycloak for the first time, the page shows a cookie banner, if the administrator has configured it. Users must accept the cookie banner, otherwise they can’t continue to use Keycloak.

  • The app updates to Keycloak version 22.0.3 of the upstream Docker image from https://quay.io/repository/keycloak/keycloak.

22.0.1-ucs1

Released: 30. August 2023

21.1.2-ucs2

Released: 18. August 2023

  • The app can now be configured to restrict access to certain apps using group memberships. For more information about the configuration of this feature, see Restrict access to applications.

  • If the Keycloak hostname is accessed using HTTP, you are now directly redirected to HTTPS.

  • Due to longer replication times during password updates, an error could be shown after a successful password update during the Keycloak login. This has been fixed.

21.1.2-ucs1

Released: 19. July 2023

21.1.1-ucs1

Released: 5. July 2023

21.0.1-ucs4

Released: 28. June 2023

  • A Base64 NameID mapper has been added to make the migration of the Microsoft 365 connector to Keycloak possible.

21.0.1-ucs3

Released: 31. May 2023

21.0.1-ucs2

Released: 28. April 2023

21.0.1-ucs1

Released: 19. April 2023

19.0.2-ucs2

Released: 23. March 2023

  • This release of the Keycloak app includes extensions for:

    1. Univention LDAP mapper

    2. Univention Password reset

    3. Univention Self service

  • Keycloak now checks the password expiry during the sign-in and presents a password change dialog if the password has expired.

  • The app now offers a setting to deny the sign-in for unverified, self-registered user accounts. For more information, see use cases.

19.0.1-ucs3

Released: 14. October 2022

19.0.1-ucs2

Released: 9. September 2022

  • This release of the Keycloak app includes an SPI extension for so-called ad-hoc federation. See the documentation for details.

  • Administrators can install the app Keycloak on UCS 5.0-x UCS Primary Directory Nodes. For more information, see Installation on UCS.

19.0.1-ucs1

Released: 7. September 2022

  • The app now offers univention-keycloak, a command line program to configure SAML SP and OIDC Provider clients in Keycloak directly.

    univention-keycloak simplifies the integration of client apps with Keycloak and the download of signing certificates, for example as a PEM file (see option groups saml/idp/cert or oidc/op/cert).

  • univention-keycloak supports the setup of a 2FA authentication flow for the members of a specific LDAP group. The second factor is a time-based one-time password (TOTP) in this case.

  • The app updates to Keycloak version 19.0.1 of the upstream Docker image from https://quay.io/repository/keycloak/keycloak.

  • Administrators can install the app Keycloak on UCS 5.0-x UCS Primary Directory Nodes. For more information, see Installation on UCS.

18.0.0-ucs1

Released: 28. June 2022