What Is New in Keycloak 15.0
This release delivers a mix of new features, significant improvements, and crucial bug fixes. The focus is on enhancing the admin experience and expanding OpenID Connect capabilities.
| Category | Key Highlights |
|---|---|
| New Features | Partial import, OIDC request parameter support, Admin API for client registration policies. |
| Improvements | Admin Console UI refresh, new account console, enhanced client registration. |
| Bug Fixes | Numerous fixes across authentication, authorization, and the admin console. |
| Deprecations | JavaScript adapter deprecation notice. |
What's the deal with the new Admin Console?
The Admin Console got a visual overhaul for better usability. This isn't just a new coat of paint; it streamlines navigation and makes managing your realm configurations more intuitive.
In practice, you'll find it easier to locate settings and perform common tasks. This is part of an ongoing effort to modernize the Keycloak management experience.
How does partial import work?
You can now selectively import specific parts of a realm export JSON file instead of the entire configuration. This is a huge time-saver for updating specific clients, groups, or roles without a full, potentially disruptive, import.
You use it by including an `ifResourceExists` field in your JSON to define the behavior for existing resources, such as skipping or overwriting them. This makes scripting and managing configuration as code much more practical.
What OIDC enhancements were added?
Support for the `request` parameter was added, allowing authentication requests to be passed as a single JWT. This is a core OIDC feature that enables more complex and secure sign-in flows.
Client registration also got a boost with a new Admin API endpoint for managing registration policies. This gives you programmatic control over the policies that govern dynamic client registration.
Is the JavaScript adapter still safe to use?
The legacy JavaScript adapter is now officially deprecated. You should start planning a migration to the modern JavaScript libraries like the Keycloak JS adapter.
This matters because the old adapter won't be receiving new features and will eventually be phased out. The newer libraries are better maintained and align with current security practices.
FAQ
Should I upgrade to Keycloak 15.0 immediately?
If you rely on the JavaScript adapter, plan the migration first. For others, the upgrade brings valuable fixes and features. Always test in a staging environment first.
What is the main benefit of the partial import feature?
It allows granular control over configuration updates. You can import just a new client or role, skipping existing entities, which minimizes the risk of accidental overwrites.
Does the OIDC `request` parameter support make my app more secure?
It can. It allows the entire authentication request to be signed, providing integrity protection. This helps prevent tampering with parameters like the redirect URI.
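The signed `request` parameter from this answer and from "What OIDC enhancements were added?", shown as an added example that is not Keycloak code or part of the original page: a client packs its authorization parameters into one JWT, and the server refuses a copy whose `redirect_uri` was changed after signing. It assumes HS256 signing with the client secret; the function names, secret, client ID and URLs are hypothetical or constructed.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def make_request_object(params: dict, secret: bytes) -> str:
    """Client side: pack the authorization parameters into one HS256-signed JWT."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = header + "." + b64url(json.dumps(params).encode())
    return signing_input + "." + b64url(_mac(secret, signing_input))

def verify_request_object(token: str, secret: bytes, allowed_redirects: set) -> dict:
    """Server side: check the signature before trusting any parameter."""
    header, payload, signature = token.split(".")  # ValueError unless 3 parts
    if json.loads(b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # algorithm is pinned; rejects alg=none
    expected = _mac(secret, header + "." + payload)
    if not hmac.compare_digest(expected, b64url_decode(signature)):
        raise ValueError("bad signature")
    params = json.loads(b64url_decode(payload))
    if params.get("redirect_uri") not in allowed_redirects:
        raise ValueError("redirect_uri not registered")
    return params

def swap_redirect(token: str, new_uri: str) -> str:
    """Constructed in-transit modification: edit the payload, keep the old signature."""
    header, payload, signature = token.split(".")
    params = json.loads(b64url_decode(payload))
    params["redirect_uri"] = new_uri
    return header + "." + b64url(json.dumps(params).encode()) + "." + signature

# Constructed sample values (assumptions, not taken from the page).
SECRET = b"constructed-client-secret"
REDIRECTS = {"https://app.example.com/callback"}
PARAMS = {"iss": "demo-app", "client_id": "demo-app", "response_type": "code",
          "redirect_uri": "https://app.example.com/callback", "scope": "openid"}

if __name__ == "__main__":
    token = make_request_object(PARAMS, SECRET)
    print(verify_request_object(token, SECRET, REDIRECTS)["redirect_uri"])
    try:
        verify_request_object(swap_redirect(token, "https://other.example.net/cb"), SECRET, REDIRECTS)
    except ValueError as err:
        print("rejected:", err)
```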
Are there any breaking changes in 15.0?
The deprecation of the JavaScript adapter is the main heads-up. The release notes list a few minor changes, like some theme properties becoming optional, but no major breaking changes.
Where can I see the full list of bug fixes?
The complete list is extensive. Refer to the official release notes or the GitHub release page for a detailed changelog of all resolved issues.