Red Hat Single Sign-On (RH-SSO) version 7.6 is GA


We are pleased to announce the General Availability (GA) release of Red Hat Single Sign-On (RH-SSO) version 7.6. It is available for download from the customer portal website.

RH-SSO is based on the Keycloak project and enables enterprises to secure their web applications by providing Web SSO capabilities based on popular standards such as OpenID Connect, OAuth 2.0, and SAML 2.0. The RH-SSO server acts as an OpenID Connect or SAML-based identity provider (IdP), allowing enterprise user directories or third-party IdPs to secure their applications via standards-based security tokens.

What’s new in Red Hat Single Sign-On (RH-SSO) version 7.6?

  • Step-up Authentication, allowing access to clients or resources based on a specific authentication level of a user.

  • Client Secret Rotation policy, which provides greater security to address challenges such as secret leakage. Red Hat Single Sign-On now supports up to two concurrently active secrets for each client.

  • Recovery Codes, another method of two-factor authentication, are now available as a preview feature.

  • OpenID Connect Logout improvements have been made to ensure that Red Hat Single Sign-On is now fully compliant with all the OpenID Connect logout specifications.

  • WebAuthn to GA: the WebAuthn feature moves out of Technology Preview and is now GA and fully supported. Also, Red Hat Single Sign-On now supports WebAuthn id-less/password-less authentication.

  • Configurable session limits: Red Hat Single Sign-On now supports limits on the maximum number of sessions a user can have. Limits can be placed at the realm level or at the client level.

  • SAML ECP Profile is now disabled by default, which mitigates the risks associated with the SAML ECP Profile.

  • User Account Management Console aligned with the latest PatternFly release.

  • Support for encrypted User Info endpoint response.

  • Support for the algorithm RSA-OAEP with A256GCM used for encryption keys.

  • Support for login with GitHub Enterprise server.

  • Red Hat Single Sign-On (RH-SSO) version 7.6 is based on Keycloak community version 18.0.0. Hence it comes with all bug fixes and enhancements added after Keycloak 15.0.2.

  • Note: The following existing features remain in Technology Preview status:

    Cross-site data replication
    Token exchange
    Fine-grained authorization permissions

For more details on RH-SSO 7.6, please refer to its release notes and documentation set. See also the Red Hat Single Sign-On Supported Configurations page, and the Component Details page.

Red Hat Single Sign-On (RH-SSO) version 7.6 is the last planned minor update release in the RH-SSO 7.x family, which now enters the maintenance phase of its lifecycle. The RH-SSO 7.x lifecycle has been extended with maintenance support ending on June 30th 2025.

Note: Red Hat build of Keycloak replaces any planned future releases of Red Hat Single Sign-On. You can migrate Red Hat Single Sign-On to Red Hat build of Keycloak now.
