UMA (User-Managed Access) 2.0 is an OAuth 2.0-based protocol that enables resource owners to control access to their protected resources. Unlike standard OAuth 2.0 where the resource owner and requesting party are typically the same, UMA introduces the ability to distinguish between:
Keycloak provides comprehensive LDAP (Lightweight Directory Access Protocol) integration through its User Federation system. This allows organizations to authenticate users against existing LDAP directories (such as Active Directory, OpenLDAP, or other LDAP-compliant servers) while leveraging Keycloak’s advanced identity management features.
This document describes what a Realm is in Keycloak, its architecture, configuration options, and how it serves as the foundation for multi-tenancy.
When you log into an application protected by Keycloak, it doesn’t just verify your credentials and forget about you—it creates a network of session objects that track who you are, which applications you’ve accessed, and how long you’ve been active. Understanding these sessions is important for anyone building secure applications or troubleshooting authentication issues.
OpenFGA and Keycloak configuration Some time ago, we integrated OpenFGA with Keycloak for our AuthN/AuthZ implementation. OpenFGA can interpret the token’s “aud” claim when making authentication/authorization decisions. The “aud” claim specifies the intended recipient(s) of the token: The “aud” (audience) claim identifies the recipients that the JWT is intended for. Each principal intended to process the JWT must… Read More »
Intro Many articles have references to SSO capabilities of Keycloak, but they often don’t explain how it works under the hood. In this article we have simple environment in form of Docker Compose with Keycloak and two Angular applications that will help you to understand how cookies based authentication works with Keycloak. We will dive deep into this… Read More »
If you’re working with Keycloak and wondering how to handle multi-tenancy, then this article is for you. I’ve seen a lot of confusion around realms – what they are, how they behave, and whether they’re the right building blocks for tenant separation. Let’s break it down. What is a Realm in Keycloak? At its core, a realm in… Read More »
Keycloak Admin REST API performance limitations Previously, we have dealt with some limitations related to Keycloak that might be useful to know before actively using Keycloak Admin REST API in your projects. These are the following: The problem with Keycloak Admin REST API can be mitigated from an architectural perspective by just replacing local Keycloak users with a… Read More »
Latency degradation due to JVM GC This story is about choosing the correct garbage collector and its potential impact on performance. Performance is typically divided into two main areas of interest: Of course, I mentioned these two areas as a matter of interest in this article, but you may have your own perspective. So, what is JVM ergonomics?… Read More »
Intro One of the most challenging and confusing topics, especially for beginners in Keycloak, is Client Scopes. In this article, I will break down this topic, explaining what Client Scopes are used for, how they work, and what their advantages are. Let’s start! Our environment configuration is very simple. Typically, I work with containerized applications using Docker and… Read More »