Category Archives: Keycloak

Keycloak and aud claim usage as additional authentication layer

OpenFGA and Keycloak configuration Some time ago, we integrated OpenFGA with Keycloak for our AuthN/AuthZ implementation. OpenFGA can interpret the token’s “aud” claim when making authentication/authorization decisions. The “aud” claim specifies the intended recipient(s) of the token: The “aud” (audience) claim identifies the recipients that the JWT is intended for. Each principal intended to process the JWT must…

Keycloak cookie based SSO on real example

Intro Many articles reference the SSO capabilities of Keycloak, but they often don’t explain how it works under the hood. In this article we have a simple environment in the form of Docker Compose with Keycloak and two Angular applications that will help you understand how cookie-based authentication works with Keycloak. We will dive deep into this…

Keycloak realms and how they can be used for multi-tenancy

If you’re working with Keycloak and wondering how to handle multi-tenancy, then this article is for you. I’ve seen a lot of confusion around realms – what they are, how they behave, and whether they’re the right building blocks for tenant separation. Let’s break it down. What is a Realm in Keycloak? At its core, a realm in…

Keycloak Client Scopes

Intro One of the most challenging and confusing topics, especially for beginners in Keycloak, is Client Scopes. In this article, I will break down this topic, explaining what Client Scopes are used for, how they work, and what their advantages are. Let’s start! Our environment configuration is very simple. Typically, I work with containerized applications using Docker and…