Keycloak is an integrated single sign-on (SSO) and identity manager (IDM) for browser apps and RESTful web services. It is built on top of JBoss and WildFly, it complies with the OAuth 2.0, Open ID Connect (OIDC), JSON Web Token (JWT) and SAML 2.0 specifications.
About
Keycloak is a free and open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code.
Offers an integrated single sign-on (SSO) and identity manager for browser applications and RESTful web services. Built on top WildFly / JBoss and implements the OAuth 2.0, Open ID Connect and JSON Web Token (JWT) and SAML 2.0 specifications.
Keycloak was initially targeted towards the JBoss and WildFly communities, but it has solutions for many other environments like Tomcat, Jetty, Node.js, Ruby on Rails, Grails, etc. Options are to deploy it with an existing applicationserver, as a black-box appliance, or as an OpenShift, Kubernetes, or Docker service.
Features
- Single sign-on (SSO) and single log out (SLO) for browser applications
- Social Broker. Enable Google, Facebook, Yahoo, and Twitter social login without any code required.
- Optional LDAP(S) or Active Directory identity federation
- Optional user registration
- Password and TOTP support (via Google Authenticator or FreeOTP)
- Client X.509 certificate authentication coming soon
- User session management from both administrator and user perspective
- Customizable themes for user facing pages: login, grant pages, account management, emails, and administrator console all customizable!
- OAuth Bearer token administrator for REST services
- Integrated browser app to REST service token propagation
- Administrator REST API
- OAuth 2.0 Grant requests
- CORS support
- CORS Web Origin management and validation
- Completely centrally managed user and role mapping metadata. Minimal configuration at the application side
- Admin Console for managing users, roles, role mappings, applications, user sessions, allowed CORS web origins, and OAuth clients
- Deployable as a WAR, appliance, or an OpenShift, Kubernetes, and Docker service
- Supports JBoss AS7, EAP 6.x/7.x, and WildFly applications, as well as Node.js, other non-Java applications
- JavaScript/HTML 5 adapter for pure JavaScript applications
- Session management from admin console
- Revocation policies
- Password policies
- OpenID Connect Support
- SAML 2.0 support
