Nubus for Kubernetes: The Most Important Highlights from the First Half of 2025

With the release of Nubus for Kubernetes 1.13, a new web interface for managing the second factor in productive use is now available. Administrators and helpdesk staff can intervene much more easily when end users lose their token generator (e.g., due to a lost smartphone).
The module allows the rollout of a new token generator to be triggered directly – without detours via the complex Keycloak Admin UI, which was previously required and demanded overly extensive access rights for helpdesk staff.

The new web interface is currently only available for Kubernetes but will also be provided for Nubus on UCS in the coming months.

The portal has been significantly improved in terms of user-friendliness for end users and has been expanded with numerous new features.

• Quick Links in the drop-down menu above the tiles provide direct access to frequently used functions.

• Freely configurable Corner Links appear as a floating element at the bottom right and can display user-dependent references to content such as the imprint or help pages.

• Improved personalization: After logging in, the user’s profile picture now appears at the top right, complemented by the full name in the menu.

• New Newsfeed element: Enables the integration of RSS feeds from WordPress or XWiki, flexibly configurable and, when using XWiki, also dependent on the access rights of the logged-in account.

• Accessibility: Initial improvements for keyboard navigation and screen readers, with more to follow gradually.

Some of the new features are currently still in preview status and are available exclusively for Kubernetes. Please contact us before productive use. The rollout for UCS will take place step by step – as always, we will keep you updated on further innovations here in the blog.

A lot has also happened in day-to-day operations:

• The handling of service passwords has been revised as part of deployments, simplifying both assignment and modification during ongoing operation.
• To improve operational security, the so-called init containers, which take over configuration processes during the installation of Nubus for Kubernetes, now operate completely without “root” privileges.
• As usual, upstream components have been regularly updated – from individual libraries within the container images to Keycloak, which is now included in version 26.3 and closes several known vulnerabilities. Details can be found in the changelogs of the Nubus for Kubernetes release notes.
• For quick test deployments, we reference several container images from Bitnami to provide dependencies such as an SQL server. Bitnami has decided to move all images, which means that references in previous Nubus releases no longer work. Nubus 1.13 has been adapted to Bitnami’s new structures. Productive installations are not affected by this change.

Also newly included as technology preview is the SCIM server. SCIM (“System for Cross-domain Identity Management”) is a standardized API for exchanging information about users, groups, and permissions. With this, Nubus can receive user information, for example, from HR or IAM systems.

Currently in development is the counterpart, the SCIM client. In the future, this will allow user accounts stored in Nubus to be forwarded to a SCIM server of another application. This will make it easier to establish integrations with a complete user lifecycle – including the automatic transfer of changes when creating, updating, or deleting user accounts.

The best part: no connector development is required for integration – the interface can be set up entirely through configuration.

We will continue to report here on the blog about further developments of the SCIM API. If you know applications that support SCIM and that we should include in our testing, we look forward to your feedback!