On February 14, the Keycloak team announced that they were abandoning most of their Keycloak adapters.
This includes adapters for Spring Security and Spring Boot, which means that the Keycloak team will no longer provide an integration solution for Spring Security and Spring Boot.
The Keycloak project offers a number of adaptors to provide an integration solution for other ecosystems, but as stated in the Statement:
Keycloak adapters are not getting the love and attention they need.
In the run-up to Valentine’s Day, the statement speaks volumes. The announcement indicates that the Keycloak team will abandon most of the adapter maintenance and focus more on the Keycloak server itself. In addition, Keycloak will provide a how-to guide to security for all kinds of applications, and even adapter alternatives.
A list of expiring adapters:
- OpenID Connect Java adapters
- OpenID Connect Node.js adapters
- SAML Tomcat and Jetty adapters
- OpenID Connect WildFly adapters
- Spring Security 、Spring Boot adapters
Of course, some adapters will continue to be maintained:
- OpenID Connect client-side JavaScript adapter
- SAML WildFly and servlet filter
Keycloak also publishes a timeline of relevant adapter expiries:
- February 2022: Adapter deprecated
- September 2022: No more major/minor releases of adapters
- December 2022: No more microadapters released
Keycloak is currently the most powerful OIDC server, but it also has a high learning cost, which is a big reason why its adapters have not become popular. Product iteration does not necessarily mean adding things all the time. It is not necessarily a bad thing to be able to make timely decisions and get rid of the burden. Keycloak can still be used as a license server by protocol specification, but without the support of adapters, its features are easily buried and cannot be used in other technologies.
Follow our public id: Felordcn for more information
Personal blog: https://felord.cn