What Is New in Keycloak 15.1
Keycloak 15.1 delivers incremental improvements across its core services, focusing on the admin experience, authentication flows, and underlying infrastructure. Here's a quick summary of the key changes.
| Category | Highlights |
|---|---|
| New Features | Client Policies, Admin UI for User Profile configuration, Script-based Authentication executions. |
| Improvements | Performance enhancements for user searches, Admin UI usability, and JavaScript policy handling. |
| Bug Fixes | Numerous fixes across themes, SAML processing, OIDC flows, and database interactions. |
| Deprecations | Legacy JavaScript policy support is deprecated in favor of the new script-based authentication executions. |
How are Client Policies changing configuration management?
Client Policies introduce a centralized, rule-based engine for enforcing security and configuration standards across your clients. This replaces the older, more manual approach to client configuration.
You can now define global policies that automatically apply settings like requiring Proof Key for Code Exchange (PKCE) or specific token formats. In practice, this means less configuration drift and a more consistent security baseline for all your applications.
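As an added example (not Keycloak's code or part of the original page), this Python script audits a realm export for the drift a PKCE-enforcing client policy is meant to prevent. The realm data is constructed, and the field names (`clientId`, `enabled`, `bearerOnly`, `standardFlowEnabled`, and the `pkce.code.challenge.method` attribute) are assumed to match the client representation in your realm export.

```python
import json

# Constructed sample: a fragment of a realm export (not from a real realm).
SAMPLE_REALM_EXPORT = json.loads("""
{
  "realm": "demo",
  "clients": [
    {"clientId": "spa-ok", "enabled": true, "publicClient": true,
     "standardFlowEnabled": true,
     "attributes": {"pkce.code.challenge.method": "S256"}},
    {"clientId": "spa-drifted", "enabled": true, "publicClient": true,
     "standardFlowEnabled": true, "attributes": {}},
    {"clientId": "web-plain", "enabled": true, "publicClient": false,
     "standardFlowEnabled": true,
     "attributes": {"pkce.code.challenge.method": "plain"}},
    {"clientId": "svc-account", "enabled": true, "publicClient": false,
     "standardFlowEnabled": false, "serviceAccountsEnabled": true},
    {"clientId": "old-app", "enabled": false, "publicClient": true,
     "standardFlowEnabled": true}
  ]
}
""")

# Assumed name of the client attribute that records the required PKCE method.
PKCE_ATTR = "pkce.code.challenge.method"


def audit_pkce(realm, required_method="S256"):
    """Return (clientId, reason) for each enabled client that uses the
    authorization code flow without the required PKCE challenge method."""
    findings = []
    for client in realm.get("clients", []):
        # Disabled clients cannot start a flow; bearer-only clients never do.
        if not client.get("enabled", True) or client.get("bearerOnly", False):
            continue
        # PKCE only applies to the authorization code ("standard") flow.
        if not client.get("standardFlowEnabled", True):
            continue
        method = (client.get("attributes") or {}).get(PKCE_ATTR, "")
        if not method:
            findings.append((client["clientId"], "PKCE not required"))
        elif method != required_method:
            findings.append((client["clientId"], f"weak PKCE method: {method}"))
    return findings


if __name__ == "__main__":
    for client_id, reason in audit_pkce(SAMPLE_REALM_EXPORT):
        print(f"{client_id}: {reason}")
```

Running it against an export taken before and after a policy is enabled shows which clients the policy would bring into line.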
What's new for managing User Profiles in the Admin UI?
The Admin UI now includes a dedicated interface for configuring the User Profile, moving this capability out of the realm JSON file. This makes it significantly easier to manage custom user attributes and validation rules without direct file edits.
You can visually define which attributes are required, add validators, and configure permissions. This matters because it opens up user profile customization to admins who may not be comfortable manually editing complex JSON configurations.
How does the new script-based authentication execution work?
Keycloak 15.1 adds the ability to write and execute custom authentication logic directly within the Admin UI using JavaScript. This feature provides a middle ground between built-in flows and developing a full SPI.
You can now script conditional authentication steps, custom form validations, or integrations with other systems without a full deployment cycle. It's a powerful tool for prototyping or implementing one-off authentication requirements quickly.
What performance improvements should I expect?
This release includes optimizations for user search operations, particularly when using the default database. The changes reduce the number of generated SQL queries, which should lead to faster response times in realms with large numbers of users.
There are also enhancements to how JavaScript policies are executed, making them more efficient. For large-scale deployments, these incremental gains can add up to meaningful improvements in overall system throughput.
FAQ
Is the legacy JavaScript policy support being removed?
It is now deprecated. While it still works in 15.1, you should migrate to the new JavaScript-based authentication executions, as the old policy support will be removed in a future release.
Can I use the new User Profile UI to make existing attributes required?
Yes. The new interface allows you to configure validators and requirement settings for both built-in and custom user attributes without editing the realm JSON.
Do Client Policies work with dynamic client registration?
Yes. A primary use case for policies is to automatically enforce security standards on dynamically registered clients, ensuring they comply with your realm's configuration rules.
What happens to my existing realm.json userProfile configuration?
The existing configuration remains functional. The new Admin UI provides a visual way to manage the same settings that were previously only available in the JSON file.
Are the script-based authentication executions secure for production?
They execute in a secured JavaScript environment (Nashorn). For complex, high-risk logic, a custom Authentication SPI is still recommended, but for many use cases, the scripting is a viable option.