Last checked and updated on April 19, 2026What Is New in Keycloak 4.1
This release delivers a mix of new features, significant upgrades, and crucial bug fixes. The focus is on modernizing the underlying platform and improving the developer experience.
| Category | Key Highlights |
|---|---|
| New Features | OpenShift 3 support, X.509 client certificate authentication, WebAuthn protocol support preview. |
| Improvements | Upgraded to WildFly 13, Infinispan 9.3, major Admin Console UI overhaul. |
| Bug Fixes | Over 120 issues resolved across authentication, authorization, and administration. |
| Deprecations | JavaScript adapter is deprecated in favor of the new JavaScript adapter (v2). |
What are the major platform upgrades?
The core application server and data grid received significant version bumps. This matters because it brings performance improvements, new capabilities, and better long-term support from the underlying technologies.
Keycloak now runs on WildFly 13. This upgrade provides a more stable and performant foundation. The internal data grid was upgraded to Infinispan 9.3, which enhances caching and clustering capabilities.
How has the Admin Console changed?
The administration interface got a complete visual and structural refresh. In practice, this means a more modern and intuitive user experience for managing realms, clients, and users.
The overhaul wasn't just cosmetic. It included a redesign of the main navigation and a general cleanup of the UI. This makes daily administrative tasks noticeably smoother.
What new authentication methods were added?
This release introduced support for X.509 client certificate authentication and a preview of WebAuthn. X.509 support allows for strong, certificate-based client-to-server authentication.
The WebAuthn protocol preview is a step towards passwordless authentication. It's an early implementation based on the evolving standard, allowing for experimentation with biometrics and security keys.
Is there better support for containerized deployments?
Yes, official support for OpenShift 3 was added. This simplifies deployment and operation of Keycloak within OpenShift environments.
Before this, running on OpenShift was possible but not officially supported. This change provides a validated and recommended path for deployment on this specific Kubernetes platform.
What happened to the JavaScript adapter?
The original JavaScript adapter was deprecated. It's being replaced by a newer, more modern version often referred to as the JavaScript adapter (v2).
You should start planning to migrate any applications using the old keycloak.js. The new adapter offers a better API and aligns with modern JavaScript development practices.
FAQ
Is the WebAuthn support in 4.1 production-ready?
No, the WebAuthn support is marked as a preview. It's based on an older draft of the specification and is intended for experimentation and feedback, not for production use cases.
Why was the Admin Console redesigned?
The redesign focused on improving usability and modernizing the look and feel. The goal was to make the complex configuration tasks in Keycloak more intuitive and less cumbersome for administrators.
What is the impact of the WildFly 13 upgrade?
You get all the performance and security patches that come with a newer WildFly release. In practice, it means a more stable and secure foundation for your Keycloak server without changing how you use Keycloak itself.
Should I immediately migrate from the deprecated JavaScript adapter?
You don't have to do it immediately as the old adapter still works. However, you should plan the migration for a future maintenance window since it will eventually be removed. The new adapter is the path forward.
How many bugs were fixed in this release?
The 4.1.0.Final release closed over 120 issues. These fixes addressed problems across the board, including authentication flows, client registration, and the Admin Console.