26.3.0
📦 keycloak
✨ 7 features, 🐛 1 fix, ⚡ 1 deprecation, 🔧 3 symbols
Summary
This release introduces major stability and performance improvements, including making 2FA recovery codes a supported feature and optimizing import/export performance. Key enhancements focus on developer experience through streamlined WebAuthn/Passkey registration and broader identity brokering capabilities.
Migration Steps
- To offer 2FA recovery codes to users, administrators can switch the browser flow's Recovery Authentication Code Form from Disabled to Alternative.
- Review logging configuration to enable asynchronous logging if high throughput and low latency are required.
✨ New Features
- Account recovery with 2FA recovery codes is promoted from preview to a supported feature.
- Streamlined WebAuthn/Passkey registration now supports a skip_if_exists parameter when initiated by the application (AIA).
- Account linking to identity providers is simplified through an application initiated action (AIA) implementation.
- New generic OAuth 2.0 broker allows federation with any OAuth 2.0 compliant authorization server (e.g., Amazon).
- Enhanced trusted email verification for OpenID Connect providers using the standard email_verified claim.
- Asynchronous logging support added to all available log handlers for higher throughput and lower latency (opt-in).
- Experimental rolling updates for patch releases extended to allow rolling updates when the new image contains a future patch release from the same major.minor stream.
🐛 Bug Fixes
- Imports, exports, and migrations involving a large number of realms no longer suffer cumulative performance degradation with each additional realm processed.
Affected Symbols
⚡ Deprecations
- The custom protocol previously used for client-initiated account linking is now deprecated.