Keycloak

Keycloak is an open-source identity and access management (IAM) solution for modern applications and services. It provides single sign-on (SSO) for web apps and services, identity brokering to external identity providers, user federation with existing directories such as LDAP/Active Directory, and comprehensive access management for applications and APIs. It supports standard protocols including OAuth 2.0, OpenID Connect, and SAML 2.0, enabling secure authentication and delegated authorization across diverse clients.

Key features include a customizable login and account management console, multi-factor authentication, and passwordless options. It offers role-based access control (RBAC) and fine-grained authorization via policies and permissions. Identity brokering allows users to authenticate through external IdPs like Google, Facebook, or corporate IdPs, while user federation connects Keycloak to LDAP/AD stores. It provides token services (access, refresh tokens) and a built-in admin REST API and a command-line interface for administration.

The server runs on the Java platform and can be deployed as a standalone service or inside containers. Since adopting the Quarkus-based distribution, modern releases are optimized for cloud-native environments and support Docker and Kubernetes deployments. Keycloak also offers client adapters and extension points for integrating with Java, JavaScript, and other runtimes, plus a graphical admin console for configuration.

Governance: Keycloak is an open-source project with development maintained by the community and sponsored by its project developers, originally Red Hat and now managed under the Apache Software Foundation. It has broad adoption in enterprises and cloud-native ecosystems, especially for securing microservices and APIs.