Skip to main content
Redhat Developers  Logo
  • Products

    Featured

    • Red Hat Enterprise Linux
      Red Hat Enterprise Linux Icon
    • Red Hat OpenShift AI
      Red Hat OpenShift AI
    • Red Hat Enterprise Linux AI
      Linux icon inside of a brain
    • Image mode for Red Hat Enterprise Linux
      RHEL image mode
    • Red Hat OpenShift
      Openshift icon
    • Red Hat Ansible Automation Platform
      Ansible icon
    • Red Hat Developer Hub
      Developer Hub
    • View All Red Hat Products
    • Linux

      • Red Hat Enterprise Linux
      • Image mode for Red Hat Enterprise Linux
      • Red Hat Universal Base Images (UBI)
    • Java runtimes & frameworks

      • JBoss Enterprise Application Platform
      • Red Hat build of OpenJDK
    • Kubernetes

      • Red Hat OpenShift
      • Microsoft Azure Red Hat OpenShift
      • Red Hat OpenShift Virtualization
      • Red Hat OpenShift Lightspeed
    • Integration & App Connectivity

      • Red Hat Build of Apache Camel
      • Red Hat Service Interconnect
      • Red Hat Connectivity Link
    • AI/ML

      • Red Hat OpenShift AI
      • Red Hat Enterprise Linux AI
    • Automation

      • Red Hat Ansible Automation Platform
      • Red Hat Ansible Lightspeed
    • Developer tools

      • Red Hat Trusted Software Supply Chain
      • Podman Desktop
      • Red Hat OpenShift Dev Spaces
    • Developer Sandbox

      Developer Sandbox
      Try Red Hat products and technologies without setup or configuration fees for 30 days with this shared Openshift and Kubernetes cluster.
    • Try at no cost
  • Technologies

    Featured

    • AI/ML
      AI/ML Icon
    • Linux
      Linux Icon
    • Kubernetes
      Cloud icon
    • Automation
      Automation Icon showing arrows moving in a circle around a gear
    • View All Technologies
    • Programming Languages & Frameworks

      • Java
      • Python
      • JavaScript
    • System Design & Architecture

      • Red Hat architecture and design patterns
      • Microservices
      • Event-Driven Architecture
      • Databases
    • Developer Productivity

      • Developer productivity
      • Developer Tools
      • GitOps
    • Secure Development & Architectures

      • Security
      • Secure coding
    • Platform Engineering

      • DevOps
      • DevSecOps
      • Ansible automation for applications and services
    • Automated Data Processing

      • AI/ML
      • Data Science
      • Apache Kafka on Kubernetes
      • View All Technologies
    • Start exploring in the Developer Sandbox for free

      sandbox graphic
      Try Red Hat's products and technologies without setup or configuration.
    • Try at no cost
  • Learn

    Featured

    • Kubernetes & Cloud Native
      Openshift icon
    • Linux
      Rhel icon
    • Automation
      Ansible cloud icon
    • Java
      Java icon
    • AI/ML
      AI/ML Icon
    • View All Learning Resources

    E-Books

    • GitOps Cookbook
    • Podman in Action
    • Kubernetes Operators
    • The Path to GitOps
    • View All E-books

    Cheat Sheets

    • Linux Commands
    • Bash Commands
    • Git
    • systemd Commands
    • View All Cheat Sheets

    Documentation

    • API Catalog
    • Product Documentation
    • Legacy Documentation
    • Red Hat Learning

      Learning image
      Boost your technical skills to expert-level with the help of interactive lessons offered by various Red Hat Learning programs.
    • Explore Red Hat Learning
  • Developer Sandbox

    Developer Sandbox

    • Access Red Hat’s products and technologies without setup or configuration, and start developing quicker than ever before with our new, no-cost sandbox environments.
    • Explore Developer Sandbox

    Featured Developer Sandbox activities

    • Get started with your Developer Sandbox
    • OpenShift virtualization and application modernization using the Developer Sandbox
    • Explore all Developer Sandbox activities

    Ready to start developing apps?

    • Try at no cost
  • Blog
  • Events
  • Videos

What's new in the Red Hat build of Keycloak version 22

November 15, 2023
Issa Gueye
Related topics:
OperatorsQuarkusSecurity
Related products:
Red Hat Single sign-onRed Hat OpenShift

Share:

    Continuing our mission to better support enterprise developers in securing modern applications, APIs, and services with minimum effort, Red Hat has released version 22.0 of the Red Hat build of Keycloak.

    The Red Hat build of Keycloak is a cloud-native Identity and Access Management (IAM) solution based on the Keycloak distribution powered by Quarkus. The Red Hat build of Keycloak replaces any plans for a future single sign-on (8.0 or higher) features release. Red Hat build of Keycloak is faster, more flexible, and optimized for running in the hybrid-cloud environment, while preserving the power and functionality of single sign-on.

    The release version 22.0 of Red Hat build of Keycloak has a number of great features and performance improvements, including tools to improve developer productivity. Let’s take a look at the key highlights of this release. For a complete list of new features, check out the official Red Hat build of Keycloak 22.0 release notes.

    Cloud-friendly and faster

    By leveraging the continuous improvements in the Quarkus framework for better performance and efficiency, Keycloak has significantly reduced its server startup time and memory footprint. Compared to the legacy Wildfly-based distribution, a Keycloak now running on top of Quarkus has a smaller distribution size with less dependencies, a faster start-up time (less cpu), and lower server memory footprint (heap and metaspace).

    The total size of the new distribution is almost half the size of the legacy Wildfly-based distribution. A performance benchmark for a very simple comparison between Keycloak running on Quarkus and Wildfly showed a significant gain on both startup time and memory footprint, nearly 50%.

    With these improvements, a Red Hat build of Keycloak provides users with a cloud-friendly IAM solution that is optimized for running in the hybrid cloud. It enables users for a cloud efficiency IAM deployment with cost savings and faster time to market.

    Better usability

    The new Keycloak distribution has a strong focus on usability. Users should expect a better experience when configuring and starting the server as well as when performing other common operations. There is a new CLI tool (kc.sh) providing a simpler configuration procedure using interactive command-line help instead of editing opaque and complex XML files like in the single sign-on (a legacy Wildfly-based Keycloak distribution).

    Users can choose from multiple configuration sources, such as a file, CLI, environment variables, or an encrypted KeyStore. Red Hat build of Keycloak can load the server’s configuration from five different sources with an order of application.

    In the context of Quarkus, Keycloak is essentially a Quarkus extension under the hood, so it can provide developers with more flexibility and modularity in the Quarkus ecosystem. Using Keycloak with Quarkus should be enjoyable for developers to build and add better custom providers extensions into the Red Hat build of Keycloak.

    Improved security

    Considering how critical an IAM solution is and the impact of misconfiguration on the overall security of the deployment, Red Hat build of Keycloak comes with the minimal configuration possible with a secure-by-default policy in mind. The idea is to provide the bare minimum configuration options to run the server while imposing some key constraints on how the configuration should be set before running in production. There is clear separation between development, testing, and production runtimes.

    Users can now start the Keycloak server in development mode or production mode. Each mode offers different defaults for the intended environment, but with more opinionated settings for the production mode. For instance, the production mode expects a hostname and a HTTPS/TLS setup to be available when starting the server. Without those further configurations, the kc.sh CLI tool will not start Keycloak and shows an error instead.

    FIPS 140-2 support

    Red Hat build of Keycloak 22.0 provides support for deploying and running Keycloak into a FIPS 140-2 enabled environment. The Federal Information Processing Standard Publication (FIPS) is a U.S. government computer security standard used to approve cryptographic modules. Red Hat build of Keycloak 22.0 supports running in FIPS 140-2 compliant mode. In this case, the Keycloak server will use only FIPS approved cryptographic algorithms for its functionality.

    New admin console

    Red Hat build of Keycloak 22.0 comes with a new admin console that provides an extensive and friendly interface for administrators and developers to configure and manage Keycloak. The new admin console is based on Patternfly and enables consistency and usability across the whole admin console pages for a better user experience and accessibility enhancements.

    A new Java-based operator

    The release 22.0 of Red Hat build of Keycloak includes a new operator for deploying and running Keycloak in Red Hat OpenShift environments. The new operator is now a Java-based operator, rewritten from scratch using the Java Operator SDK as compared to the legacy Go-based single sign-on operator.

    The new operator brings more flexibility and better architecture that shares business objects with the Keycloak main codebase. This increases the code-reuse and dramatically reduces the chances of introducing bugs in the translation process from Kubernetes resources. Also, the container image provides greater security for the operator by making the image based on UBI9 rather than UBI8 and using a UBI micro image, which helps reduce the attack surface. The new operator embraces the new cloud native capabilities of the Keycloak Quarkus distribution from the ground up, improving the overall user experience.

    Getting support

    Support for Red Hat build of Keycloak is available to Red Hat customers through a subscription. Contact your local Red Hat representative or Red Hat Sales for details on how to enjoy world-class support offered by Red Hat and its worldwide partner network. Customers can expect support for Red Hat Build of Keycloak and other runtimes according to the Red Hat Product Update and Support Lifecycle.

    Get started with Red Hat build of Keycloak

    Red Hat build of Keycloak 22.0 comes with many other features and improvements highlighted in the release notes. Ready to get started with Red Hat build of Keycloak? Here are more useful links to get you started:

    • Zip distributions are available through the Customer Portal.
    • Container distributions and operators for use on OpenShift are available in the Red Hat Ecosystem Catalog.
    • Product documentation set is available on the Red Hat customer portal, including a migration guide to help migrate your existing single sign-on deployments to Red Hat build of Keycloak.
    Last updated: November 20, 2023

    Related Posts

    • How to restrict user authentication in Keycloak during identity brokering

    • Keycloak: Core concepts of open source identity and access management

    • Docker Authentication with Keycloak

    • Single Sign-On Made Easy with Keycloak / Red Hat SSO

    Recent Posts

    • Alternatives to creating bootc images from scratch

    • How to update OpenStack Services on OpenShift

    • How to integrate vLLM inference into your macOS and iOS apps

    • How Insights events enhance system life cycle management

    • Meet the Red Hat Node.js team at PowerUP 2025

    What’s up next?

    Read Operating OpenShift, a practical guide to running and operating OpenShift clusters more efficiently using a site reliability engineering (SRE) approach. Learn best practices and tools that can help reduce the effort of deploying a Kubernetes platform.

    Get the e-book
    Red Hat Developers logo LinkedIn YouTube Twitter Facebook

    Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform

    Build

    • Developer Sandbox
    • Developer Tools
    • Interactive Tutorials
    • API Catalog

    Quicklinks

    • Learning Resources
    • E-books
    • Cheat Sheets
    • Blog
    • Events
    • Newsletter

    Communicate

    • About us
    • Contact sales
    • Find a partner
    • Report a website issue
    • Site Status Dashboard
    • Report a security problem

    RED HAT DEVELOPER

    Build here. Go anywhere.

    We serve the builders. The problem solvers who create careers with code.

    Join us if you’re a developer, software engineer, web designer, front-end designer, UX designer, computer scientist, architect, tester, product manager, project manager or team lead.

    Sign me up

    Red Hat legal and privacy links

    • About Red Hat
    • Jobs
    • Events
    • Locations
    • Contact Red Hat
    • Red Hat Blog
    • Inclusion at Red Hat
    • Cool Stuff Store
    • Red Hat Summit

    Red Hat legal and privacy links

    • Privacy statement
    • Terms of use
    • All policies and guidelines
    • Digital accessibility

    Report a website issue