Identity management: Keycloak 26 relies on persistent user sessions

In the new release of the IAM software, user sessions are persistent by default. A preview for tracing with OpenTelemetry serves to increase observability.


Around four months after Keycloak 25, version 26 is now available. The latest release of the open-source software for identity and access management (IAM) decouples the publication of some Keycloak client libraries from the release cycle of the Keycloak server, brings innovations for persisting user sessions and presents a preview for distributed tracing with the open-source framework OpenTelemetry.

In future, three Keycloak client libraries will have a release cycle that is independent of the Keycloak server. In the current release, the libraries are still being released together with the server, but according to the development team, this could be the last time.

The client libraries in question are the Maven artefacts Java Admin Client (org.keycloak:keycloak-admin-client), Java Authorization Client (org.keycloak:keycloak-authz-client) and Java Policy Enforcer (org.keycloak:keycloak-policy-enforcer). These are compatible with Java 8 and can therefore be used with client applications that are deployed on older application servers. Further libraries may be added in the future.

Keycloak 25 introduced the persistent-user-sessions feature, with which all user sessions can be persisted in the database, in contrast to the previous behavior, in which only offline sessions were persisted. In Keycloak 26, this feature is now activated by default. This means that users remain logged in even after all Keycloak instances are restarted or upgraded.

If you want to deactivate this feature, see the "Volatile user sessions" section in the instructions for configuring distributed caches.

As a preview feature, Keycloak 26 enables distributed tracing with OpenTelemetry. This is used to obtain application traces for improved observability and is intended, among other things, to help detect performance bottlenecks and find the reasons for application failures.

Further information on the new version can be found on the Keycloak blog. To support the upgrade to Keycloak 26, the development team offers a migration guide that contains the complete list of changes.

(mai)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.