Friday, 10 July 2026 Newsarchy UK live index
NewsarchyUKUK
Every UK story. Mapped, sourced, and explained where it matters.
NHS

Keycloak update adds multi-cluster high availability and SCIM API support

Keycloak has launched a significant update featuring native multi-cluster high availability and SCIM API support, aiming to reduce operational complexity for identity systems.

Keycloak update adds multi-cluster high availability and SCIM API support
Keycloak update adds multi-cluster high availability and SCIM API support

Keycloak has released a significant update that fundamentally alters how the platform handles multi-cluster environments and cross-domain identity management. By moving away from external dependencies and introducing standardized APIs, the platform seeks to reduce operational complexity for large-scale deployments. This technical pivot follows a period where the NHS has been simultaneously modernising its own digital infrastructure via a separate £10 billion investment focused on patient-facing artificial intelligence.

Multi-Cluster High Availability

The most substantial architectural shift in this Keycloak update is the introduction of a multi-cluster high-availability model that removes the requirement for external Infinispan clusters. Previously, maintaining cross-site session replication required complex, vendor-specific fencing infrastructure to manage failover. The new approach relies on embedded caches and a synchronously replicated database to serve as the single source of truth, with a database-backed outbox pattern managing cache invalidation across sites. This design allows load balancers to identify site downtime without necessitating external mediation, simplifying the deployment of global identity services.

Media additions

Image via independent.co.uk
Image via independent.co.uk
Image via online.hscni.net
Image via online.hscni.net

Standardised Identity Management

The update also promotes the SCIM (System for Cross-domain Identity Management) API to a preview feature. This protocol, which enables the automated provisioning and deprovisioning of users and groups across disparate systems, is intended to assist organisations in integrating identity governance platforms and human resources systems. While currently disabled by default, the implementation supports full CRUD and PATCH operations, schema extensions, and filtering. This aligns with broader industry trends toward vendor-neutral protocols, echoing the platform’s new support for the OpenID AuthZEN Authorization API, which provides a standardised interface between Policy Decision Points and Policy Enforcement Points.

Security and Operational Enhancements

The update addresses long-standing gaps in session security and administrative delegation:

  • OpenID Shared Signals Framework (SSF): Keycloak can now function as a transmitter, pushing security event tokens to relying parties in near real-time. This ensures that session revocations or credential changes are propagated immediately, rather than waiting for token refreshes.
  • Fine-Grained Admin Permissions: Organisations can now delegate management roles without granting high-privilege access, using dedicated roles such as view-organizations and query-organizations.
  • Identity Brokering V2: The new API design introduces confidential client requirements and session-based token storage to improve security for federated logins.

Contextual Alignment: NHS Digital Transformation

As the health service works to improve patient care, it is implementing its own suite of digital tools. Notably, the £10 billion tech overhaul includes the introduction of an AI-driven triage tool in the NHS App. This tool adapts questioning based on patient responses to direct individuals to appropriate care—ranging from GP appointments to pharmacy advice.

The NHS rollout is progressing across several trusts, including St George’s, Epsom and St Helier, Croydon, and Kingston and Richmond, where "ambient voice technology" is being deployed to automate clinical notetaking. According to National Health Executive, initial trials at St George’s Hospital indicated that clinicians could see one additional patient per shift. However, the Royal College of Nursing has issued caution regarding these deployments, warning that improvements to basic IT infrastructure must remain a priority alongside new AI tools to ensure safety and prevent increased bureaucracy.

What to Watch Next

For those tracking Keycloak developments and public sector IT, the following milestones remain relevant:

Focus Area Expected Progression
Keycloak SCIM API Evaluation for transition from preview to fully supported status.
NHS App Triage Reaching 200,000 patients in the coming 12 months, leading to a full rollout by April 2028.
AI Notetaking Continued expansion to over 3,000 clinicians at Alder Hey and Manchester University trusts.
Identity Assertion Ongoing development of the Identity Assertion JWT Authorization Grant flow (experimental).

Related stories