Keycloak 1.7.0.CR1 发布，主要更新如下：
- Groups – users can belong to one or more groups and inherit role mappings and attributes from the group.
- First Broker Login Flow – we’ve introduced a number of improvements to first login with identity brokers as well as the ability to customize the flow used.
- Client Registration – clients can now dynamically register themselves with a Keycloak server. This supports Keycloak client representations, OpenID Connect Dynamic Client Registration and SAML Entity Descriptors. Client registration are simple REST endpoints, there’s also a Java library and a CLI is coming soon.
- OpenID Connect Implicit and Hybrid flows – we’ve added support for the Implicit and Hybrid flows. It’s also possible to select what flows are available for a specific client.
- Add User script – as a first step to not having a default admin user we’ve added a script that allows creating an initial admin account.
- Cache fixes – there’s a number of fixes related to caching, which should improve performance especially in clusters.
- Email Sender SPI – previously we had one SPI that created email content from FreeMarker and also sent emails. We’ve now split this into two separate SPIs.
- SAML SP WildFly subsystem – there’s now a WildFly subsystem for the SAML SP adapter, which makes it easier to use the SAML SP adapter on WildFly.
- WildFly 10 adapter support – the WildFly adapter, including adapter subsystem, now supports WildFly 10.
Keycloak 是一个为浏览器和 RESTful Web 服务提供 SSO 的集成。基于 OAuth 2.0 和 JSON Web Token(JWT) 规范。最开始是面向 JBoss 和 Wildfly 通讯，但已经计划为其他诸如 Tomcat、Jetty、Node.js、Rails、Grails 等环境提供解决方案。