Red Hat build of Keycloak Supported Configurations
Every Red Hat® build of Keycloak (RHBK) release is tested, verified and supported on a variety of Red Hat® OpenShift platforms, Operating Systems, Java™ Virtual Machines (JVMs), and Databases combination. Red Hat provides both production and development support for supported configurations and tested integrations according to your subscription agreement in both physical and virtual environments. [1]
Red Hat build of Keycloak 24.0.x
Red Hat build of Keycloak 24.0.x Server Supported Configurations
Red Hat tests and supports the Red Hat build of Keycloak 24.0.x running in one of the following OpenShift, Operating Systems and JVMs platforms.
RHBK Server for OpenShift:
Support for Red Hat build of Keycloak on OpenShift is under the guidelines as defined in the knowledge article for Support of Red Hat Middleware products and components on Red Hat OpenShift. Also refer to the Red Hat OpenShift Container Platform Life Cycle Policy for details about the life cycle of each OpenShift release version.
| RHBK Server | OpenShift Container Platform [2] | Chipset Architecture | Container Image / JVM |
|---|---|---|---|
| 24.0.x | 4.15, 4.14, 4.13, 4.12 [3] | x86_64, s390x [4], ppc64le [4] | ubi9/openjdk-17 |
RHBK Server for RHEL, Windows (and other OS):
| RHBK Server | Operating System [5] | Chipset Architecture | Java Virtual Machine |
|---|---|---|---|
| 24.0.x | Red Hat Enterprise Linux (RHEL) 9, 8 | x86_64 | Red Hat OpenJDK 17, Eclipse Adoptium Temurin 17 |
| 24.0.x | Windows Server 2022, 2019 | x86_64 | Red Hat OpenJDK 17, Eclipse Adoptium Temurin 17 |
RHBK Server for 3rd-party container environments (e.g other Kubernetes/xKS, Docker, etc.):
Red Hat does not, cannot test Red Hat build of Keycloak on every public cloud provider Kubernetes platform. Red Hat build of Keycloak Support on 3rd-party containerized/kubernetes environments is covered under this KBase article.
Red Hat build of Keycloak 24.0.x Server Tested and Supported Integrations
Tested Integrations are a defined set of specifically tested integrating technologies that represent the most common combinations that Red Hat customers are using. For these integrations, Red Hat has directly, or through certified partners, exercised a full range of platform tests as part of the product release process. Issues identified as part of this testing process are highlighted in release notes for each Red Hat build of Keycloak release.
Databases [6]:
The following databases and jdbc drivers are tested and certified as part of Red Hat build of Keycloak 24.0.x release:
| Databases | Tested Versions (JDBC Drivers Versions) | Supported Versions |
|---|---|---|
| PostgreSQL | 15.6 (PostgreSQL Driver v42.6.0) | 15.x, 14.x, 13.x |
| MySQL | 8.0.36 (MySQL Connector/J 8.0.33) | 8.0.x |
| MariaDB | 10.11 (MariaDB Connector/J 3.1.4) | 10.11 (LTS), 10.6 (LTS) |
| Microsoft SQLServer | 2022 (JDBC Driver 12.2 for SQL Server/12.2.0.jre11) | 2022, 2019 |
| Oracle | 19c (19.3.0) (Oracle JDBC Driver v23.2.0.0) | 19.3.0 (Note: Oracle RAC is also supported if using the same database engine version, aka 19.3.0) |
| Amazon Aurora PostgreSQL | 15.5 (AWS JDBC driver wrapper) | 15.x |
Multi-Site [7]:
The following are the tested and certified integrated components for Multi-Site High Availability Active/Passive support:
| Component | Tested Versions | Supported Versions |
|---|---|---|
| Red Hat Data Grid | 8.4.7 | 8.4.7+ |
| AWS Aurora PostgreSQL | 15.5 (with AWS JDBC Driver Wrapper) | 15.5+ (Note: Aurora PostgreSQL is the only tested, certified, and supported database for Multi-Site deployment for now.) |
Refer to this KBase article for more information on the Multi-Site support scope with Frequently Asked Questions.
User Federation / LDAP - Kerberos - SSSD:
User Federation has been tested with following directory providers:
| Directory provider | Tested Versions | Supported Versions |
|---|---|---|
| Red Hat Directory Server (RHDS) | 12 | 12, 11 |
| Microsoft Active Directory 2016 | 2019¹ | 2019¹, 2022¹ |
| Microsoft Active Directory 2016 with Kerberos | 2019¹ | 2019¹, 2022¹ |
| Red Hat Enterprise Linux IdM | IdM RHEL 9 | IdM RHEL 9, 8, 7 |
| SSSD | FreeIPA/IdM RHEL 9 | IdM RHEL 9, 8, 7 |
¹ MSAD running on Windows Server 2019/2022 versions
Web Browsers:
Red Hat build of Keycloak 24.0.x Administration Console has been tested with Google Chrome and Firefox, but supported with the following list of browsers:
| Browser | Version |
|---|---|
| Chrome | latest |
| Firefox | latest |
| Edge | latest |
| Safari | latest |
Red Hat build of Keycloak 24.0.x Client Adapters Tested and Supported Configurations
The OpenID Connect (OIDC) protocol is now widely supported across the Java Ecosystem and other popular frameworks. A much better interoperability and support is achieved by using the capabilities available from the technology stack of your applications platforms, such as your application server or framework. For example, Red Hat JBoss EAP version 8.x has a native built-in support for OIDC. This means that some of the Keycloak Client Adapters are now deprecated and no longer released starting with the Red Hat build of Keycloak 22.0 release version.
Red Hat build of Keycloak produces and supports the following Client Adapters for both OIDC and SAML based client applications, while maintaining full compatibility with the legacy RH-SSO 7.6 client adapters for their remaining life cycle.
RHBK 24.0.x Server Compatibility with RHBK OIDC Client Adapters:
| Component/Framework | Client Adapter | Component/Framework Version |
|---|---|---|
| Node.js | RHBK 24.0 Node.js OIDC Adapter | Node.js 16 (LTS), 18 (LTS) |
| Node.js | RHBK 22.0 Node.js OIDC Adapter | Node.js 16 (LTS), 18 (LTS) |
| JavaScript | RHBK 24.0 Client-side JavaScript Adapter | All major web browsers |
| JavaScript | RHBK 22.0 Client-side JavaScript Adapter | All major web browsers |
Notes:
* For JBoss EAP 8.x, it is recommended to use the EAP Native OIDC support (i.e. Elytron OIDC) with the RHBK 24 AuthZ client.
* For Spring Boot 3.x, it is recommended to use the Spring Security native OIDC support, with the RHBK 24 AuthZ client.
RHBK 24.0.x Server Compatibility with RHBK SAML Client Adapters:
| Component/Framework | Client Adapter | Component/Framework Version |
|---|---|---|
| JBoss EAP 8.x | RHBK 24.0 SAML Client Adapter | EAP 8.x |
| JBoss EAP 8.x | RHBK 22.0 SAML Client Adapter | EAP 8.x |
RHBK 24.0.x Server Compatibility with RH-SSO 7.6 Client-side Adapters:
| Component/Framework | Client Adapter | Component/Framework Version | Client-side JVM |
|---|---|---|---|
| JBoss EAP 7.x | RH-SSO 7.6 OIDC Client Adapter for JBoss EAP 7 | EAP 7.4 | Oracle JDK 1.8, 11 ; IBM JDK 1.8 ; Red Hat OpenJDK 1.8, 11, 17 |
| JBoss EAP 7.x | RH-SSO 7.6 SAML Adapter for JBoss EAP 7 | EAP 7.4 | Oracle JDK 1.8, 11 ; IBM JDK 1.8 ; Red Hat OpenJDK 1.8, 11, 17 |
| JBoss Fuse 7.x | RH-SSO 7.6 OIDC Client Adapter for Fuse 7 | Fuse 7.12+ | Red Hat OpenJDK 1.8, 11 ; Oracle JDK 1.8, 11 ; IBM JDK 1.8 |
| Spring Boot 2.x | RH-SSO 7.6 OIDC Client Adapter for Spring Boot 2 | SpringBoot 2.7 | Red Hat OpenJDK 1.8, 11 ; Oracle JDK 1.8, 11 ; IBM JDK 1.8 |
| Servlet Filter | RH-SSO 7.6 Client Adapter for Servlet Filters | Any Java Servlet AppServer platform | Red Hat OpenJDK 1.8, 11 ; Oracle JDK 1.8, 11 ; IBM JDK 1.8 |
Red Hat build of Keycloak 22.0.x
Red Hat build of Keycloak 22.0.x Server Supported Configurations
Red Hat tests and supports the Red Hat build of Keycloak 22.0.x running in one of the following OpenShift, Operating Systems and JVMs platforms.
RHBK Server for OpenShift:
Support for Red Hat build of Keycloak on OpenShift is under the guidelines as defined in the knowledge article for Support of Red Hat Middleware products and components on Red Hat OpenShift. Also refer to the Red Hat OpenShift Container Platform Life Cycle Policy for details about the life cycle of each OpenShift release version.
| RHBK Server | OpenShift Container Platform [2] | Chipset Architecture | Container Image / JVM |
|---|---|---|---|
| 22.0.x | 4.15, 4.14, 4.13, 4.12 [3] | x86_64, s390x [4], ppc64le [4] | ubi9/openjdk-17 |
RHBK Server for RHEL, Windows (and other OS):
| RHBK Server | Operating System [5] | Chipset Architecture | Java Virtual Machine |
|---|---|---|---|
| 22.0.x | Red Hat Enterprise Linux (RHEL) 9, 8 | x86_64 | Red Hat OpenJDK 17, Eclipse Adoptium Temurin 17 |
| 22.0.x | Windows Server 2022, 2019 | x86_64 | Red Hat OpenJDK 17, Eclipse Adoptium Temurin 17 |
RHBK Server for 3rd-party container environments (e.g other Kubernetes/xKS, Docker, etc.):
Red Hat does not, cannot test Red Hat build of Keycloak on every public cloud provider Kubernetes platform. Red Hat build of Keycloak Support on 3rd-party containerized/kubernetes environments is covered under this KBase article.
Red Hat build of Keycloak 22.0.x Server Tested and Supported Integrations
Tested Integrations are a defined set of specifically tested integrating technologies that represent the most common combinations that Red Hat customers are using. For these integrations, Red Hat has directly, or through certified partners, exercised a full range of platform tests as part of the product release process. Issues identified as part of this testing process are highlighted in release notes for each Red Hat build of Keycloak release.
Databases [6]:
The following databases and jdbc drivers are tested and certified as part of Red Hat build of Keycloak 22.0.x release:
| Databases | Tested Versions (JDBC Drivers Versions) | Supported Versions |
|---|---|---|
| PostgreSQL | 15.2 (PostgreSQL Driver v42.6.0) | 15.x, 14.x, 13.x |
| MySQL | 8.0.35 (MySQL Connector/J 8.0.33) | 8.0.x |
| MariaDB | 10.11 (MariaDB Connector/J 3.1.4) | 10.11 (LTS), 10.6 (LTS) |
| Microsoft SQLServer | 2022 (JDBC Driver 12.2 for SQL Server/12.2.0.jre11) | 2022, 2019 |
| Oracle | 19c (19.3.0) (Oracle JDBC Driver v23.2.0.0) | 19.3.0 (Note: Oracle RAC is also supported if using the same database engine version, aka 19.3.0) |
User Federation / LDAP - Kerberos - SSSD:
User Federation has been tested with following directory providers:
| Directory provider | Tested Versions | Supported Versions |
|---|---|---|
| Red Hat Directory Server (RHDS) | 11 | 11, 12 |
| Microsoft Active Directory 2016 | 2019¹ | 2019¹, 2022¹ |
| Microsoft Active Directory 2016 with Kerberos | 2019¹ | 2019¹, 2022¹ |
| Red Hat Enterprise Linux IdM | IdM RHEL 7 | IdM RHEL 7, 8, 9 |
| SSSD | FreeIPA/IdM RHEL 9 | IdM RHEL 7, 8, 9 |
¹ MSAD running on Windows Server 2019/2022 versions
Web Browsers:
Red Hat build of Keycloak 22.0.x Administration Console has been tested with Google Chrome and Firefox, but supported with the following list of browsers:
| Browser | Version |
|---|---|
| Chrome | latest |
| Firefox | latest |
| Edge | latest |
| Safari | latest |
Red Hat build of Keycloak 22.0.x Client Adapters Tested and Supported Configurations
The OpenID Connect (OIDC) protocol is now widely supported across the Java Ecosystem and other popular frameworks. A much better interoperability and support is achieved by using the capabilities available from the technology stack of your applications platforms, such as your application server or framework. For example, Red Hat JBoss EAP version 8.x has a native built-in support for OIDC. This means that some of the Keycloak Client Adapters are now deprecated and no longer released starting with the Red Hat build of Keycloak 22.0 release version.
Red Hat build of Keycloak produces and supports the following Client Adapters for both OIDC and SAML based client applications, while maintaining full compatibility with the legacy RH-SSO 7.6 client adapters for their remaining life cycle.
RHBK 22.0.x Server Compatibility with RHBK OIDC Client Adapters:
| Component/Framework | Client Adapter | Component/Framework Version |
|---|---|---|
| Node.js | RHBK 22.0 Node.js OIDC Adapter | Node.js 16 (LTS), 18 (LTS) |
| JavaScript | RHBK 22.0 Client-side JavaScript Adapter | All major web browsers |
Notes:
* For JBoss EAP 8.x, it is recommended to use the EAP Native OIDC support (i.e. Elytron OIDC) with the RHBK 22 AuthZ client.
* For Spring Boot 3.x, it is recommended to use the Spring Security native OIDC support, with the RHBK 22 AuthZ client.
RHBK 22.0.x Server Compatibility with RHBK SAML Client Adapters:
| Component/Framework | Client Adapter | Component/Framework Version |
|---|---|---|
| JBoss EAP 8.x | RHBK 22.0 SAML Client Adapter | EAP 8.x |
RHBK 22.0.x Server Compatibility with RH-SSO 7.6 Client-side Adapters:
| Component/Framework | Client Adapter | Component/Framework Version | Client-side JVM |
|---|---|---|---|
| JBoss EAP 7.x | RH-SSO 7.6 OIDC Client Adapter for JBoss EAP 7 | EAP 7.4 | Oracle JDK 1.8, 11 ; IBM JDK 1.8 ; Red Hat OpenJDK 1.8, 11, 17 |
| JBoss EAP 7.x | RH-SSO 7.6 SAML Adapter for JBoss EAP 7 | EAP 7.4 | Oracle JDK 1.8, 11 ; IBM JDK 1.8 ; Red Hat OpenJDK 1.8, 11, 17 |
| JBoss Fuse 7.x | RH-SSO 7.6 OIDC Client Adapter for Fuse 7 | Fuse 7.12+ | Red Hat OpenJDK 1.8, 11 ; Oracle JDK 1.8, 11 ; IBM JDK 1.8 |
| Spring Boot 2.x | RH-SSO 7.6 OIDC Client Adapter for Spring Boot 2 | SpringBoot 2.7 | Red Hat OpenJDK 1.8, 11 ; Oracle JDK 1.8, 11 ; IBM JDK 1.8 |
| Servlet Filter | RH-SSO 7.6 Client Adapter for Servlet Filters | Any Java Servlet AppServer platform | Red Hat OpenJDK 1.8, 11 ; Oracle JDK 1.8, 11 ; IBM JDK 1.8 |
Comments