Which version of keycloak to use? Does it matter?


Just a quick question, which version of keycloak should we be using? OOD documentation says 4.8.3, but that looks like the oldest version available on the keycloak website. Can we use newer versions or is there a specific reason to use this version? I don’t particularly care, I just wanted to double check. Thanks!

The newer versions of docs are going to say 9.

Looking through the release notes there wasn’t major open id connect functionality added since 4.8 (save for configurable client authentications so you’re likely getting updates around security and performance if you choose to run 9 over 4.8.

Awesome, thanks Jeff!

But to answer does it matter? Probably not as much after 4.8 (looks like anything less than that a lot of missing oidc functionality), but I’m kind of of the mind that newer is better, again for security, stability, maybe even ease of use/maintain/install.

But other than the feature noted above, doesn’t look like there’s a huge difference in the open id connect functionality in terms of features. Though there could - and there likely is - some bugfixes.

Newer is better is kind of my motto sometimes too, but I also prefer stability and understand sometimes bugs are created in new versions. So I just figured I’d check. Maybe it did matter for some reason. I didn’t think so, but I figured I’d check.

Of course @tdockendorf can correct me here if I’m wrong.

Latest is fine. OSC is on 8.0.2 I believe and I’ve verified 9.0.0 works too and have updated the Keycloak guides accordingly.

The main compatibility to worry about is mod_auth_openidc and Keycloak and we will be providing latest version or mod_auth_openidc with 1.7 release and something we currently have deployed.

Thanks again for the help and responses all!