Support for Java17

Hi team,

Any idea on Keycloak support for Java 17.


Have you tried it? There are not “officially supported” versions of Java/DB/etc. for Keycloak, just minimums. If it works, you should be fine.

haven’t tried it yet… wanted to check if keycloak has any plans supporting it.

@xgp - What Latest Java version does Keycloak support?

currently, in Keycloak 15 Version I still see it support Java 8 JDK

As I said, I don’t believe there are any “officially supported” versions. You can buy commercial support for the Redhat SSO product, and I’m sure they’d be happy to tell you which JDK versions are supported. This board is more of a community where we share our experiences.

I personally have run the current Keycloak on JDK 8 and 11 in production. I just downloaded and tried it on JDK 17 and it seems to work just fine. However, if you are planning to use it in production, I’d recommend testing it out yourself, and sharing any problems here for the benefit of the community.

Thank you @xgp this helps us to go on the right path now. I appreciate your quick responses.

It would be more help full if you could review the question posted below and let us know your inputs.

There is no great guide for large upgrades like that. Couple of thoughts:

  1. Read the official upgrade documentation: Upgrading Guide
  2. With your data from production, test incremental upgrades between versions. I.e. you might be able to upgrade from 3.4.0 to X.0.0, but it also might break something unexpected. If you go one major version at a time, it will be more likely to succeed. However test the upgrade version steps before you do it in production. There have been problems reported here and the mailing list about huge upgrades like this. You want to be sure, with your real data, before running it in prod.

Thank you @xgp for your quick response :slight_smile:
Is there any Stable Version that we need to consider to upgrade like 15.0 minus 2 version or should we jump on directly to Latest Version.

That’s up to you and your testing. However, I’m aware of people running 15.0.2 in production with no problems.

KeyCloak is backed by WildFly, that, currently, is officially supported in Java 8 and 11. Major versions is confirmed to run with some issues.

Keycloak.X is backed by Quarkus, I can’t say anything about it.

Wildfly Team will probably upgrade to Java 17, as it is new LTS version, but it is not an easy path.

Thank you @xgp and @claudioweiler for your suggestion.

Can you please help me out on this, when you get a chance… let me know if you need more details…

I could able to resolve this issue when I place the JAR file into KEYCLOAK_HOME/standalone/deployments/ jar file here
instead of "KEYCLOAK_HOME/providers/
Here is the references,

In the older version of Keycloak 3.4.0.FINAL version, the “TokenIntrospectProviderFactory” used to recognize at run time.

after that I also faced one issue that I was seeing " ERROR []"

I resolved this issue by adding the below plugin in POM.xml file,


For those interested. Keycloak 16.1.0 runs fine in Java17.

I have implemented custom SPI that use advance java features such as var declaration, record classes, new pattern matching, etc. It’s all good.

1 Like

Except if you’re using ABAC/JBAC

@xgp Currently I’m using Keycloak-15.0.2 (Wildfly distribution) on JDK 8. And planning to upgrade to 17.0.0.
I wasn’t able to run Keyclok 17.0.0 (Quarkus distribution) on JDK8. With bit of digging around figured out Quarkus doesn’t support JDK 8 in their recent versions.

So does it mean I cannot run Keycloak anymore on JDK 8 ?

Yes, that’s correct.
Keycloak 17 runs on Java 11+

I’m using ABAC and it’s all good.

If you mean that the support for Nashorn is gone and you cannot run Javascript policies, I have good news: you can easily create a SPI that replaces Nashorn with graalvm

e.g. this one: GitHub - thomasdarimont/keycloak-graalvm-js-scripting-provider: GraalVM.JS based JavaScript ScriptingProvider extension for Keycloak.

Thanks for the confirmation @dasniko.
Once the Wildfly distribution completely removed there is no way to run Keycloak on JDK8 then right?

Yes, although I also experienced some problems with KC 16+ (Legacy/Wildfly) with Java 8, which were gone when running KC Legacy with Java 11. Depends on the features one is using and it seams that the behaviour is not clearly distinct.
So, better run you environment with more up-to-date Java versions than this old 8 release. It’s really more than outdated.