Last checked and updated on April 19, 2026What Is New in Keycloak 14.0
Keycloak 14.0 delivers a solid set of updates focused on modernizing the admin experience and enhancing security protocols. This release introduces a new admin UI, tighter OpenID Connect compliance, and several quality-of-life improvements for developers.
| Category | Key Changes |
|---|---|
| New Features | New Admin UI, OpenID Connect Logout Conformity, Client Policies (Tech Preview) |
| Improvements | JavaScript Policy Support, Account Console Updates, Performance Optimizations |
| Deprecations & Removals | Deprecated WildFly Distribution, Removed JavaScript Adapters |
| Bug Fixes | Numerous fixes across authentication, authorization, and user management |
Why is there a new Admin UI?
The new Admin UI is a complete rewrite using React and PatternFly 4, replacing the older AngularJS interface. This isn't just a facelift; it's a foundational shift for better performance and future extensibility. In practice, admins will notice a more responsive and modern interface for managing realms, clients, and users.
What changed with JavaScript adapters?
The legacy JavaScript adapters have been removed entirely. This is a significant change for front-end applications that relied on the old keycloak.js. The official guidance now is to use the JavaScript Adapter for Core, which provides a more standard and maintainable approach for integrating Keycloak with modern JS applications.
How does OpenID Connect logout improve?
Keycloak 14.0 now fully conforms to the OpenID Connect RP-Initiated Logout specification. This means logout flows are more standardized and reliable across different clients and identity providers. It matters because it eliminates edge cases and ensures a consistent logout experience for end-users.
What are Client Policies?
Client Policies are a new tech preview feature for defining and enforcing security rules across your OIDC clients. You can create policies using JavaScript, giving you granular control over client settings and behavior. This is a powerful tool for admins who need to enforce security standards across a large number of clients dynamically.
Is the WildFly distribution still supported?
The WildFly distribution is now deprecated. The focus has fully shifted to the Quarkus-based distribution, which offers faster startup times and a smaller memory footprint. For new deployments, you should be using the Quarkus distribution.
FAQ
We use the old JavaScript adapter, what should we do now that it's removed?
You must migrate to the new JavaScript Adapter for Core. The old adapter will no longer work with 14.0. Check the migration guide for steps on updating your front-end code.
Is the new Admin UI feature-complete compared to the old one?
Yes, the new React-based Admin UI includes all the functionality of the old interface. You shouldn't find any missing features for core administration tasks.
What's the deal with the WildFly distribution being deprecated?
Keycloak is betting on Quarkus for the future. The Quarkus distribution is lighter, faster, and where all new development is happening. Plan to migrate if you're still on WildFly.
Can I use Client Policies in production?
Client Policies are marked as a tech preview. This means they're available for testing and feedback but aren't recommended for production environments yet.
Does the new OpenID Connect logout break existing clients?
It shouldn't break properly implemented clients. The update ensures better compliance with the spec, which improves interoperability. Most clients will just see more reliable logout behavior.