Last checked and updated on April 19, 2026What Is New in Keycloak 17.0
This release focuses on modernizing the admin console and introduces several new features and improvements. Here's a quick summary of the key changes.
| Category | Description |
|---|---|
| New Features | New Admin UI, Support for Node.js 16+ adapter, Declarative User Profile configuration. |
| Improvements | Enhanced account console, Better client registration policies, Updated JavaScript adapter. |
| Deprecations & Removals | Legacy WildFly distribution deprecated, Old JavaScript adapter removed. |
| Bug Fixes | Numerous fixes across authentication flows, OIDC compliance, and user management. |
What is the new Admin UI all about?
The old AngularJS admin console has been completely replaced with a new React-based one. This is a major overhaul that modernizes the entire look, feel, and underlying technology of the admin interface.
In practice, this means a smoother, faster user experience. The new UI is more responsive and sets the foundation for future enhancements that were difficult to implement in the old codebase.
How does the User Profile declaration work?
User Profile is no longer just a preview feature. You can now define user attribute configurations declaratively instead of relying on code.
This is done through a JSON file where you specify which attributes are required, read-only, or have specific validations. It moves user metadata configuration out of code and into a more manageable, static definition, which is much easier to version control and deploy.
What changed with the JavaScript adapter?
The old keycloak-js adapter has been removed and replaced with the one previously available under the @keycloak/keycloak-js package. You must now use the package from npm.
This new adapter requires Node.js 16 or higher. If you're still on an old Node version, you'll need to upgrade your environment before updating the Keycloak adapter. This change aligns the client with modern JavaScript runtimes.
Is the WildFly distribution still available?
The legacy WildFly distribution is now deprecated. The primary and recommended way to run Keycloak is using the Quarkus distribution.
The Quarkus base offers significant performance benefits and a smaller footprint. You should start planning your migration to Quarkus if you haven't already, as the WildFly option will likely be removed in a future release.
Were there any important bug fixes?
Yes, this release includes a solid set of bug fixes. Key areas addressed include authentication flow handling, OpenID Connect (OIDC) compliance issues, and user federation.
For example, fixes were made to prevent infinite redirect loops during logout and to correctly handle scopes for OAuth 2.0 Device Authorization Grant. These fixes improve the overall stability and spec compliance of the server.
FAQ
Is the new Admin UI a breaking change?
No, the functionality is the same but implemented in React. The URLs and core concepts remain, so your existing knowledge and scripts should still work.
Do I have to use the declarative user profile?
No, the legacy programmatic way of configuring user profiles is still available. However, the declarative method is now the recommended approach for new configurations.
How do I upgrade my JavaScript adapter?
Uninstall the old keycloak-js package and install @keycloak/keycloak-js from npm. Update your import statements to reflect the new package name.
Can I still run Keycloak on WildFly?
Yes, for now. The WildFly distribution is still available but is deprecated. You should begin testing your deployment on the Quarkus distribution.
Where can I find the JSON schema for the declarative user profile?
The schema is defined in the codebase. You'll need to reference the source or upcoming documentation to see the exact structure for defining attributes and validations.