Announcing Red Hat build of Keycloak 24.0 General Availability

Updated -

We are thrilled to announce the GA release of Red Hat build of Keycloak 24.0. Red Hat build of Keycloak is Red Hat's Identity and Access Management (IAM) commercial offering product based on the popular Keycloak open source project.

Red Hat build of Keycloak is well suited for securing web-based and other modern applications, mobile apps, APIs and services, by leveraging popular standards and security protocols such as OpenID Connect, OAuth and SAML. Red Hat build of Keycloak simplifies security concerns by enabling organizations to secure their critical workloads and assets, at lower cost.

You can access Red Hat build of Keycloak version 24.0 from the customer portal download. Container distributions and Operators for use on OpenShift are also available in the Red Hat Container Catalog. Following on the successful launch of Red Hat build of Keycloak 22 in November 2023, this new release comes with great features addition, including a full support of Multi-Site HA Active/Passive with a certified blueprint for deployment running in Red Hat OpenShift Service on AWS (ROSA).

The release of Red Hat build of Keycloak 24.0 includes a number of new and updated features:

  • User profile and progressive profiling support

    • a declarative approach to user management
    • fine-grained control over the attributes that users and administrators can manage
    • frictionless users experience, by allowing organizations to collect just the right information and data from their end-users at just the right time

  • Multi-Site High Availability, Active/Passive

    • deploying Keycloak to multiple independent sites (or data-centers) is now possible and fully supported (in Active/Passive only, for now)
    • provides higher availability and a speedy recovery from failures
    • comprehensive blueprint made available for a typical deployment on AWS cloud with ROSA
    • comes with documented sizing guidelines
    • see FAQ page for Multi-Site Support scope guidance

  • Lightweight access tokens support

    • smaller access tokens with only a few or limited claims for specified clients
    • enables enhanced security as a privacy-preserving token usage pattern

  • Passkeys preview support

    • passwordless experiences, safer and easier alternative to passwords
    • passkeys cannot be guessed or stolen like passwords
    • provide the strongest protection against threats like phishing

  • Maximum authentication time as new addition to password policies

    • ability for an user to change password within a specified maximum age of an authentication without needing to re-authenticate

  • Group scalability

    • improved performance around searching of groups for the use-cases running with many groups and subgroups

  • OAuth 2.0 Demonstrating Proof-of-Possession (DPoP) preview support

    • helps prevent unauthorized parties from using leaked or stolen access tokens
    • protects against token replays at different endpoints

  • Authentication improvements for a better UX

For more information on the new features and enhancements available in this release, please review the release notes on the Customer Portal.

Entitlement for Red Hat build of Keycloak is included in the Red Hat Runtimes, Red Hat Application Foundations, and Red Hat OpenShift Container Platform (OCP) subscriptions, as well as the various subscriptions bundles that include Runtimes and OCP.

Red Hat build of Keycloak is not available for purchase as a separate and distinct product outside of the bundles in which it is included.

Additional resources
Release Blog Post
Product Documentation
Subscriptions or Entitlements Requirements
Supported Configurations
Components Details

  • Product
  • Red Hat build of Keycloak
  • Category
  • Learn more
  • Component
  • keycloak
  • Release
  • Security
  • Tags
  • keycloak
  • migration
  • oidc
  • saml
  • security
  • sso
  • update
  • upgrade