Awesome Keycloak
Carefully curated list of awesome Keycloak resources.
A curated list of resources for learning about the Open Source Identity and Access Management solution Keycloak. Contains books, websites, blog posts, links to github Repositories.
Contributing
Contributions welcome. Add links through pull requests or create an issue to start a discussion. Please refer to the contributing guide for details.
Contents
- General
- Books
- Articles
- Talks
- Presentations
- Video Playlists
- Community Extensions
- Integrations
- Themes
- Docker
- Deployment Examples
- Example Projects
- Benchmarks
- Help
- Commercial Offerings
- Miscellaneous
General
Documentation
- Keycloak Website
- Current Documentation
- Archived Documentation
- Product Documentation for Red Hat Single Sign-On
Discussion Groups and Mailing Lists
- Keycloak Users Google Group
- Keycloak Developers Google Group
- Keycloak Discourse Group
- Keycloak Developer Chat
- Inactive - User Mailing List
- Inactive - Developer Mailing List
- Mailing List Search
- Keycloak Subreddit
Books
Articles
- How to get Keycloak working with Docker
- Single-Sign-On for Microservices and/or Java EE applications with Keycloak SSO
- Keycloak Admin Client(s) - multiple ways to manage your SSO system
- How to get the AccessToken of Keycloak in Spring Boot and/or Java EE
- JWT authentication with Vert.x, Keycloak and Angular 2
- Authenticating via Kerberos with Keycloak and Windows 2008 Active Directory
- Deploying Keycloak with Ansible
- Easily secure your Spring Boot applications with Keycloak
- How Red Hat re-designed its Single Sign On (SSO) architecture, and why
- OAuth2, JWT, Open-ID Connect and other confusing things
- X509 Authentication with Keycloak and JBoss Fuse
- Running Keycloak on OpenShift 3
- Introducing Keycloak for Identity and Access Management
- Keycloak Basic Configuration for Authentication and Authorisation
- Keycloak on OpenShift Origin
- Identity Management, One-Time-Passwords and Two-Factor-Auth with Spring Boot and Keycloak
- Keycloak Identity Brokering with Openshift
- OpenID Connect Identity Brokering with Red Hat Single Sign-On
- Authentication & user management is hard
- Securing Nginx with Keycloak
- Secure kibana dashboards using keycloak
- Configuring NGINX for OAuth/OpenID Connect SSO with Keycloak/Red Hat SSO
- Keycloak Clustering Setup and Configuration Examples
- MicroProfile JWT with Keycloak
- Keycloak Essentials
- SSO-session failover with Keycloak and AWS S3
- KTOR and Keycloak: authentication with OpenId
- Keycloak: Core concepts of open source identity and access management
- Who am I? Keycloak Impersonation API
- Setup Keycloak Server on Ubuntu 18.04
- Getting started with Keycloak
- Angular, OpenID Connect and Keycloak
- Angular, OAuth 2.0 Scopes and Keycloak
- Keycloak, Flowable and OpenLDAP
- How to exchange token from an external provider to a keycloak token
- Building an Event Listener SPI (Plugin) for Keycloak
- Keycloak user migration – connect your legacy authentication system to Keycloak
- Keycloak Authentication and Authorization in GraphQL
- Kong / Konga / Keycloak: securing API through OIDC
- KeyCloak: Custom Login theme
- Keycloak: Use background color instead of background image in Custom Login theme
- How to turn off the Keycloak theme cache
- How to add a custom field to the Keycloak registration page
- How to setup Sign in with Google using Keycloak
- How to sign in users on Keycloak using Github
- Extending Keycloak SSO Capabilities with IBM Security Verify
- AWS SAML based User Federation using Keycloak
- AWS user account OpenID federation using Keycloak
- How to Run Keycloak in HA on Kubernetes
- How to create a Keycloak authenticator as a microservice?
- keycloak.ch | Installing & Running Keycloak
- keycloak.ch | Configuring Token Exchange using the CLI
- keycloak.ch | Configuring WebAuthn
- keycloak.ch | Configuring a SwissID integration
- Getting Started with Service Accounts in Keycloak
- Building cloud native apps: Identity and Access Management
- X.509 user certificate authentication with Red Hat’s single sign-on technology
- Grafana OAuth with Keycloak and how to validate a JWT token
- How to setup a Keycloak server with external MySQL database on AWS ECS Fargate in clustered mode
- Extending Keycloak: adding API key authentication
- Extending Keycloak: using a custom email sender
- Integrating Keycloak and OPA with Confluent
- UMA 2.0 : User Managed Access - how to use it with bash
- Setting Up A Keycloak Server For Authenticating To FileMaker
- How to Make Keycloak Start Up Faster When There Are a Lot of Offline Sessions
- Using Coder to Develop Keycloak Templates Live (almost)
- Keycloak Passkeys tutorial
- Keycloak as Authorization Server in .NET
- How to use Let's Encrypt certificates with Keycloak
Talks
- JDD2015 - Keycloak Open Source Identity and Access Management Solution
- 2015 Using Tomcat and Keycloak in an iFrame
- 2016 You've Got Microservices Now Secure Them
- 2016 Keycloak: Open Source Single Sign On - Sebastian Rose - AOE conf (german)
- 2016 Sécuriser ses applications back et front facilement avec Keycloak (french)
- 2016 Keycloak and Red Hat Mobile Application Platform
- 2016 Easily secure your Front and back applications with KeyCloak
- 2017 Easily secure your Spring Boot applications with Keycloak - Part 1
- 2017 Easily secure your Spring Boot applications with Keycloak - Part 2
- 2018 How to secure your Spring Apps with Keycloak by Thomas Darimont @ Spring I/O 2018
- 2018 DevNation Live | A Deep Dive into Keycloak
- 2018 IDM Europe: WSO2 Identity Server vs. Keycloak (Dmitry Kann)
- 2018 JPrime|Building an effective identity and access management architecture with Keycloak (Sebastien Blanc)
- 2018 WJAX| Sichere Spring-Anwendungen mit Keycloak
- 2019 Spring I/O | Secure your Spring Apps with Keycloak
- 2019 DevoxxFR | Maitriser sa gestion de l'identité avec Keycloak (L. Benoit, T. Recloux, S. Blanc)
- 2019 DevConf | Fine - Grained Authorization with Keycloak SSO (Marek Posolda)
- 2019 VoxxedDays Minsk | Bilding an effective identity and access management architecture with Keycloak (Sebastien Blanc)
- 2019 Single-Sign-On Authentifizierung mit dem Keycloak Identity Provider | jambit CoffeeTalk
- 2020 Keycloak Team | Keycloak Pitch
- 2020 Keycloak Team | Keycloak Overview
- 2020 Please-open.it : oauth2 dans le monde des ops (french)
- 2022 Secure digital transformation via keycloak's FAPI - DevConf.cz Mini | June 2022
Presentations
Video Playlists
- Keycloak Identity and Access Management by Łukasz Budnik
- Keycloak by Niko Köbler
- Keycloak Playlist by hexaDefence
- Keycloak Tutorial Series by CodeLens
Clients
- Official Keycloak Node.js Admin Client ("Extremely Experimental")
- Keycloak Node.js TypeScript Admin Client by Canner
- Keycloak Go Client by Cloudtrust
- Keycloak Nest.js Admin Client by Relevant Fruit
- Keycloak Mock Library
Community Extensions
- Keycloak Extensions List
- Keycloak Benchmark Project
- Keycloak: Link IdP Login with User Provider
- Client Owner Manager: Control who can edit a client
- Keyloak Proxy written in Go
- Script based ProtocolMapper extension for SAML
- Realm export REST resource by Cloudtrust
- Keycloak JDBC Ping Setup by moremagic
- SMS 2 Factor Authentication for Keycloak via AWS SNS
- SMS 2 Factor Authentiation for Keycloak via SMS by Alliander
- Identity Provider for vk.com
- CAS Protocol Support
- WS-FED Support
- Keycloak Discord Support
- Keycloak Login with User Attribute
- zonaut/keycloak-extensions
- leroyguillaume/keycloak-bcrypt
- SPI Authenticator in Nodejs
- Have I Been Pwned? Keycloak Password Policy
- Keycloak Eventlistener for Google Cloud Pub Sub
- Enforcing Password policy based on attributes of User Groups
- Verify Email with Link or Code by hokumski
- Role-based Docker registry authentication
- SCIM for keycloak
- Keycloak Kafka Module
- Useful Keycloak EventListenerProvider implementations and utilities
- Keycloak: Home IdP Discovery extension
- Keycloak Metrics SPI
- Organizations for Keycloak by p2-inc
- Flexible IdP mapper for OIDC and SAML providers
- 2FA with Code sent via Email
- MagicLink Authenticator by p2-inc
- Keycloak Metrics based on Micrometer
- softwarefactory-project/keycloak-filter-provider-users
- rciam/keycloak-group-management
Integrations
- Keycloak HTTP/MQTT/CoAP IoT Brokers Adapter
- Official Keycloak Node.js Connect Adapter
- Keycloak support for Aurelia
- Keycloak OAuth2 Auth for PHP
- Jenkins Keycloak Authentication Plugin
- Meteor Keycloak Accounts
- HapiJS Keycloak Auth
- zmartzone mod_auth_openidc for Apache 2.x
- Duo Security MFA Authentication for Keycloak
- Extension Keycloak facilitant l'utilisation de FranceConnect
- Ambassador Keycloak Support
- Keycloak Python Client
- Keycloak Terraform Provider
- Keycloak ADFS OpenID Connect
- React/NextJS Keycloak Bindings
- NextJS + tailwind + keycloak integration
- Keycloak Open-Shift integration
- Keycloak, Kong and Konga setup scripts (local development)
- SSO for Keycloak and Nextcloud with SAML
- Keycloak Connect GraphQL Adapter for Node.js
- python-keycloak
- Keycloak and PrivacyId3a docker-compose (local development)
- Nerzal/gocloak Golang Keycloak API Package
- Apple Social Identity Provider for Keycloak
- Micrometer Keycloak extension
- Vault Keycloak Plugin
Quick demo Videos
Themes
- Community Keycloak Ionic Theme
- A Keycloak theme based on the AdminLTE UI library
- GOV.UK Theme
- Carbon Design
- Modern
- Adminlte
- keycloakify: Create Keycloak themes using React
- Keywind: Component-based theme built with Tailwind CSS
- TailwindUI theme
Docker
- Official Keycloak Docker Images
- Keycloak Examples as Docker Image
- Keycloak Maven SDK for managing the entire lifecycle of your extensions with Docker
Kubernetes
- Deprecated Keycloak Helm Chart
- codecentric Keycloak Helm Chart
- Import / Export Keycloak Config
- keycloak-operator
Tools
- keycloakmigration: Manage your Keycloak configuration with code
- tool to autogenerate an OpenAPI Specification for Keycloak's Admin API
- oidc-bash-client
- louketo-proxy (FKA Gatekeeper)
- keycloak-config-cli: Configuration as Code for Keycloak
- Keycloak Pulumi
- Keycloak on AWS
- aws-cdk construct library that allows you to create KeyCloak on AWS in TypeScript or Python
- keycloak-scanner Python CLI
Deployment Examples
Example Projects
- Examples from Keycloak Book: Keycloak - Identity and Access Management for Modern Applications
- Official Examples
- Keycloak Quickstarts
- Drupal 7.0 with Keycloak
- Securing Realm Resources With Custom Roles
- BeerCloak: a comprehensive KeyCloak extension example
- KeyCloak Extensions: Securing Realm Resources With Custom Roles
- Red Hat Single Sign-On Labs
- Spring Boot Keycloak Tutorial
- Custom Keycloak Docker Image of Computer Science House of RIT
- Example of custom password hash SPI for Keycloak
- Example for a custom http-client-provider with Proxy support
- Monitor your keycloak with prometheus
- Custom User Storage Provider .ear with jboss-cli setup
- Keycloak - Experimental extensions by Stian Thorgersen/Keycloak
- Securing Spring Boot Admin & Actuator Endpoints with Keycloak
- A Keycloak Mobile Implementation using Angular v4 and Ionic v3
- Example for Securing Apps with Keycloak on Kubernetes
- Example for Securing AspDotNet Core Apps with Keycloak
- Example for passing custom URL parameters to a Keycloak theme for dynamic branding
- Angular Webapp secured with Keycloak
- Keycloak Theme Development Kit
- Keycloak Clustering examples
- Keycloak Last Login Date Event Listener
- Keycloak Project Example (Customizations, Extensions, Configuration)
- Example of adding API Key authentication to Keycloak
- Example for using Keycloak Authorization with ASP.NET Core
- FAPI demo from DevConf.cz Mini: Secure digital transformation via keycloak's FAPI
Benchmarks
Help
Commercial Offerings
- Red Hat Single Sign-On
- INTEGSOFT UNIFIED USER CREDENTIALS WITH KEYCLOAK SSO
- JIRA SSO Plugin by codecentric
- Keycloak Competence Center by Inventage AG
- Keycloak as a Service
- Bare.Id - GDPR compliant Keycloak as a Service
- Phase Two
Miscellaneous
- Find sites using Keycloak with google
- Keycloak Dev Bookmarks - Use the tag keycloak
- Use fail2ban to block brute-force attacks to keycloak server
- Pentest-Report Keycloak 8.0 Audit & Pentest 11.2019 by Cure53
- Keycloak - CNCF Security SIG - Self Assesment
License
To the extent possible under law, Thomas Darimont has waived all copyright and related or neighboring rights to this work.