¶ Origins and Development
Keycloak was originally developed by Red Hat as an open-source identity and access management solution. It was first released in 2014 to address the growing need for a flexible, standards-compliant identity management system that could integrate with modern applications and services.
- 2014: Initial release focused on providing SSO capabilities for JBoss/WildFly applications
- 2015: Added support for OpenID Connect and SAML 2.0 protocols
- 2016: Introduced User Federation capabilities allowing integration with external identity stores
- 2017: Added support for social login providers and improved admin console
- 2018: Released Keycloak 4.0 with improved clustering and performance optimizations
- 2019: Introduced Account Management Service and improved user experience
- 2020: Added support for advanced authentication flows and improved security features
- 2021: Keycloak 15 introduced the new Quarkus-based distribution alongside the legacy WildFly distribution
- 2022: Keycloak 17 marked the transition to Quarkus as the default distribution, moving away from WildFly
- 2023-2024: Focus on cloud-native deployment, improved observability, and enhanced security features
- 2025-2026: Continued evolution with emphasis on developer experience, protocol enhancements, and enterprise features
Initially built on top of JBoss WildFly application server, which provided enterprise features but resulted in larger memory footprint and slower startup times.
The migration to Quarkus framework brought significant improvements:
- Faster startup times
- Lower memory consumption
- Better container support
- Improved developer experience
- Native compilation capabilities
- Authentication Protocols: Started with basic SAML and OAuth 2.0, expanded to include OpenID Connect, Kerberos, and more
- User Federation: Added support for LDAP, Active Directory, and custom providers
- Authorization Services: Introduction of fine-grained authorization with policy engine
- Identity Brokering: Support for social login and external identity providers
- Admin REST API: Programmatic management capabilities
- Themes and Branding: Customizable user interfaces
- Multi-factor Authentication: TOTP, SMS, and hardware token support
¶ Community and Adoption
Keycloak has grown from a Red Hat internal project to a widely adopted open-source IAM solution with:
- Active community contributions
- Extensive documentation and learning resources
- Rich ecosystem of extensions and integrations
- Enterprise support options through Red Hat
¶ Current State and Future
As of version 26.5.3 (February 2026), Keycloak continues to evolve with:
- Focus on cloud-native deployments
- Enhanced security with regular updates addressing CVEs
- Improved performance and scalability
- Strong emphasis on standards compliance (OIDC, SAML, SCIM)
- Growing ecosystem of third-party integrations
The project maintains its position as a leading open-source identity and access management solution, particularly well-suited for containerized and cloud-native environments.