WHAT IS IT?
Keycloak is an open-source Identity and Access Management (IAM) platform that lets you add authentication and authorization to your applications without reinventing the wheel. It handles Single Sign-On, identity federation, strong authentication and fine-grained authorization — all managed through a centralized admin console. It is a CNCF incubation project, maintained by Red Hat and a large community.
WHY IS IT INTERESTING?
- Turnkey Single Sign-On: users log in once and access all connected applications. Supports OpenID Connect, OAuth 2.0 and SAML 2.0 natively.
- Identity federation: built-in LDAP and Active Directory connectors, plus the ability to plug in custom providers. Social login (Google, GitHub, etc.) in just a few clicks.
- Fine-grained authorization: goes well beyond simple RBAC. Authorization policies based on attributes, roles, context — all configurable from the admin console.
- Full-featured admin console: centralized management of realms, users, clients, roles and sessions. Users also get their own console to manage their profile and MFA.
- Extensible and customizable: custom themes, SPIs to extend behavior, clustering support for high availability. Scales from a side project to enterprise infrastructure.
USE CASES
- Centralize authentication across multiple microservices behind a single Identity Provider
- Replace a homegrown auth system with a battle-tested, standards-compliant solution
- Federate users from an existing Active Directory into modern web applications
- Add social login and MFA to an application without writing a single line of auth code
- Secure APIs with OAuth 2.0 tokens and centralized authorization policies
