Any security concerns between version Keycloak 12.0.0 and Keycloak 10.0.0?

Due to my project is .Net Framework 4.6 WebForm architecture, I am quite sure it is not able to support Keycloak 12.0.0 directly so I am trying to use an older version of Keycloak.

bump so that this post gets some attentions

Why is your application unable to support 12.0.x? It is not recommended to use older versions, as there are CVEs that get fixed in the current version.

Hi @xgp , because there is limited support for .NET Web Form and that is the reason. Do you have any solution?

ASP.NET Web Forms applications can be secured via OpenId Connect. I can’t see any reason why this wouldn’t be compatible with Keycloak 12.0.x. If you can provide more context about your project, or any sample code, we might be able to help you here.

But I can’t find a working .NET KeyCloak adapter for myself, not sure do you know any which is still working fine with the latest KeyCloak version?

Xgp is saying that you don’t need any library which has keycloak in the name, but only library with open id connect standard support .

Is that what he meant? The reason that I want to use KeyCloak because I want to achieve single sign-on. I have 2 different applications and the same user table in the system and if the user signed-in into one of the applications it should be allowed to access the other.

Can Open Id achieve this? If you don’t mind please explain more to me or provide me some reference links, thanks.

Single sign-on (SSO) is achieved by SSO protocol e.g. Open ID Connect (OIDC). So you can have SSO with any Identity Provider (IDP) which support OIDC protocol.

You have selected Keycloak to use as IDP, but that’s not stopping you to use any OIDC library, which should work with Keycloak as well. Libraries, Products, and Tools | OpenID is good starting point.

Here’s a good tutorial on adding OpenID Connect authentication to an ASP.NET application:

Just replace “Microsoft Identity Platform” with “Keycloak”.