What Is New in Keycloak 4.2

| Category | Description |
|---|---|
| New Features | OpenShift 3.11 support, WebAuthn passwordless authentication preview, and new Identity Provider mappers. |
| Improvements | Enhanced admin console, performance upgrades, and better Docker image configuration. |
| Bug Fixes | Numerous fixes across authentication flows, client registration, and SAML handling. |
| Security | Updates to underlying libraries and security advisories addressed. |
| Deprecated | Legacy account console and older adapter paths marked for removal. |

What are the major new features in Keycloak 4.2?
Keycloak 4.2 introduced official support for OpenShift 3.11, making that platform a first-class deployment target. A significant preview feature is WebAuthn support for passwordless authentication, which is a step towards modern, phishing-resistant logins. New Identity Provider mappers were also added, giving developers more flexibility in how user data is handled during federated logins.
In practice, the OpenShift support simplifies container-based deployments for many enterprise teams. The WebAuthn preview is a big deal for anyone planning a future without passwords, though it's not yet production-ready.
How was the admin experience improved?
The admin console received usability upgrades, making it easier to navigate and manage realms and clients. Underlying performance enhancements were made to handle larger workloads more efficiently. Configuration of the official Docker images was also improved for better flexibility in cloud environments.
These changes matter because a smoother admin experience directly translates to less time spent on routine maintenance tasks. The performance tweaks are crucial for anyone running Keycloak at scale with a high number of users or transactions.
What important bugs were squashed in this release?
This release addressed a range of issues, particularly around authentication flow handling and client registration processes. Several bugs related to SAML protocol handling were fixed, improving interoperability with external identity providers. Other fixes resolved problems with specific user federation scenarios and token validation.
For developers, the SAML fixes mean fewer headaches when integrating with enterprise systems. The authentication flow corrections prevent edge cases that could previously break user login experiences.
Were there any security updates?
Keycloak 4.2 included updates to several underlying libraries to address potential vulnerabilities. The release notes reference specific security advisories that were resolved in this version. These updates help maintain the overall security integrity of the identity and access management system.
Staying current with these library updates is essential for maintaining a secure deployment, as they often address vulnerabilities that could be exploited in the wild.
What was deprecated and should be migrated away from?
The legacy account console was marked as deprecated in this release, signaling that teams should begin migrating to the new account console. Some older adapter paths and configuration options were also flagged for future removal.
This is a heads-up for teams still using the old account management interface. Planning this migration early avoids breaking changes when these deprecated features are eventually removed entirely.
FAQ
Is the WebAuthn support in 4.2 production ready?
No, the WebAuthn implementation is a preview feature intended for testing and evaluation. It's not recommended for production use until it reaches stable status in a future release.
Does OpenShift 3.11 support require special configuration?
The support is built-in, so deployment follows standard OpenShift procedures. However, you should review the updated documentation for any specific configuration parameters that might differ from previous versions.
What's the main reason to upgrade to 4.2 from 4.1?
The main reason is the OpenShift support, if you're deploying on that platform, or the various bug fixes that address specific authentication and SAML issues you might be experiencing.
Are there breaking changes in the 4.2 release?
While there are deprecations warning of future breaking changes, the release focuses on additive features and fixes rather than immediate breaking changes to existing functionality.
How significant are the performance improvements?
The performance enhancements are incremental rather than revolutionary. They help with scalability under heavy load but won't dramatically change performance for small to medium deployments.