23.0.2
Highlights
Non-blocking health check for load balancers
A new health check endpoint available at /lb-check was added.
The execution is running in the event loop which means this check is responsive also in overloaded situations when Keycloak needs to handle many requests waiting in request queue.
This behavior is useful, for example, in multi-site deployment where we do not want to fail over to the other site under heavy load.
The endpoint is currently checking availability of the embedded and external Infinispan caches. Other checks may be added later.
This endpoint is not available by default.
To enable it, run Keycloak with feature multi-site.
Proceed to Enabling and disabling features guide for more details.
Upgrading
Before upgrading refer to the migration guide for a complete list of changes.
All resolved issues
Enhancements
Bugs
- #24652 SAML decryption fails if keycloak.saml.deprecated.encryption flag is set
saml - #24986 `getMultiPartFormParameters()` always returns `EmptyMultivaluedMap` after upgrade to Resteasy Reactive
core - #25001 Client redirect_uri check must be compared using exact string matching
oidc - #25010 Bug: KC_DB_USERNAME environment variable is causing a crash in latest version
dist/quarkus - #25051 Unexpected Application Error when clicking "Cancel" on user creation page
admin/ui - #25108 Documentation Inconsistency about Open Banking(Finance) Brasil FAPI security profile
docs - #25124 If a client does not have a URL the applications page in the account console links to about:blank
account/ui - #25173 Make sure username is lowercase when normalizing attributes
user-profile - #25183 NullPointerException thrown for UPConfig.getGroups()
user-profile - #25307 Keycloak instance `HasErrors` true after update: `More than 1 secondary resource related to primary`
operator