The distributed identity problem
Every business application needs authentication and authorisation, but implementing these mechanisms from scratch in every project is expensive, fragile and dangerous from a security standpoint. Credentials replicated across dozens of systems, inconsistent password policies, no centralised view of who accesses what: this is the daily reality in many organisations. Keycloak, an open source Identity and Access Management (IAM) server started by Red Hat and now a CNCF incubating project, tackles the problem by providing a centralised identity infrastructure that applications integrate with instead of managing users and credentials themselves.
The project originates inside Red Hat as a response to the need for a modern, configurable IAM server ready for enterprise environments, released under the Apache 2.0 licence.
Single Sign-On and standard protocols
The core functionality of Keycloak is Single Sign-On (SSO): a user authenticates once against a realm and gains access to every application (client) configured in that realm without logging in again. The mechanism also works in reverse: Single Sign-Out ends the user's realm session and, for every client that has registered a front-channel or back-channel logout URL, terminates that application's session as well. A client without a logout URL is simply not told, and its local session lives on until its own timeout or until the token expires, so that setting is part of the integration rather than an afterthought.
Keycloak supports the main identity protocols: OAuth 2.0 for delegated authorisation, OpenID Connect (OIDC) for authentication on top of OAuth 2.0, and SAML 2.0 for integration with enterprise systems that still use that older standard. Applications do not have to implement the protocols themselves: any standards-compliant OIDC or SAML library works against a realm's discovery document (/realms/REALM/.well-known/openid-configuration), and Keycloak ships its own adapters, such as keycloak-js for browser applications; most of its older server-side Java adapters have been deprecated in favour of the standard libraries of each framework. What the application still owns is validating the tokens it receives: signature, issuer, audience and expiry.
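The validation step a resource server has to get right is shown below as an added example; it is not code from this page or from the Keycloak project. The realm name, client id, client secret and the token itself are constructed. The token is signed with HS256 using the client secret, which Keycloak offers as a per-client signature algorithm; the RS256 default needs the realm's JWKS and a JOSE library, which this standard-library-only example leaves out. The claim layout (iss, aud, typ, realm_access, resource_access) follows the shape of a Keycloak access token.

```python
"""Validate a Keycloak-style OIDC access token at the resource server.

Added example, not Keycloak project code. Realm, client id, secret and the
token are all constructed; HS256 with the client secret stands in for the
RS256 + JWKS path a production service would normally use.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import List, Optional, Set

KEYCLOAK_URL = "https://sso.example.com"            # assumed base URL (no /auth prefix since Keycloak 17)
REALM = "demo"                                      # assumed realm name
CLIENT_ID = "inventory-api"                         # assumed client id of this resource server
CLIENT_SECRET = b"constructed-client-secret"        # constructed fixture, not a real secret
EXPECTED_ISSUER = f"{KEYCLOAK_URL}/realms/{REALM}"  # Keycloak issuer URL format
EXPECTED_ALG = "HS256"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def mint_token(claims: dict, alg: str = "HS256", secret: bytes = CLIENT_SECRET) -> str:
    """Build a compact JWS shaped like a Keycloak access token (test fixture only)."""
    header = {"alg": alg, "typ": "JWT", "kid": "constructed-kid"}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    if alg == "none":  # unsigned token, used only to show it gets rejected
        return signing_input + "."
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def validate_token(token: str, now: Optional[float] = None, leeway: int = 30) -> dict:
    """Return the claims if this is a valid access token for CLIENT_ID, else raise ValueError."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: the header is attacker-controlled until the signature is checked,
    # so neither "none" nor a swapped algorithm may change how verification is done.
    if header.get("alg") != EXPECTED_ALG:
        raise ValueError("unexpected alg")
    expected_sig = hmac.new(CLIENT_SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != EXPECTED_ISSUER:  # must come from our realm, not a sibling realm on the same host
        raise ValueError("wrong issuer")
    if claims.get("typ") != "Bearer":  # Keycloak marks ID tokens "ID" and refresh tokens "Refresh"
        raise ValueError("not an access token")
    if claims.get("exp", 0) + leeway < now:
        raise ValueError("expired")
    if claims.get("nbf", 0) - leeway > now:
        raise ValueError("not yet valid")
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud  # OIDC allows a single string or a list
    if CLIENT_ID not in aud:  # a token issued for another API must not be accepted here
        raise ValueError("wrong audience")
    return claims


def validation_error(token: str, now: Optional[float] = None) -> Optional[str]:
    """The rejection reason, or None if the token is valid."""
    try:
        validate_token(token, now)
    except ValueError as exc:
        return str(exc)
    return None


def roles_of(claims: dict, client_id: str = CLIENT_ID) -> Set[str]:
    """Flatten Keycloak's realm_access / resource_access role claims into one set."""
    realm_roles: List[str] = claims.get("realm_access", {}).get("roles", [])
    client_roles: List[str] = claims.get("resource_access", {}).get(client_id, {}).get("roles", [])
    return set(realm_roles) | {f"{client_id}:{r}" for r in client_roles}


def sample_claims(now: float) -> dict:
    """Constructed claim set laid out like a Keycloak access token."""
    return {
        "exp": int(now) + 300, "iat": int(now), "jti": "constructed-jti",
        "iss": EXPECTED_ISSUER, "aud": [CLIENT_ID, "account"],
        "sub": "7b0c3d2e-1111-4222-8333-444455556666", "typ": "Bearer",
        "azp": "web-frontend",  # the client that requested the token
        "preferred_username": "alice",
        "realm_access": {"roles": ["stock-admin"]},
        "resource_access": {CLIENT_ID: {"roles": ["stock-read"]}},
    }


if __name__ == "__main__":
    now = time.time()
    good = mint_token(sample_claims(now))
    print("roles:", sorted(roles_of(validate_token(good, now))))
    print("alg=none ->", validation_error(mint_token(sample_claims(now), alg="none"), now))
    print("expired  ->", validation_error(good, now + 3600))
```

With RS256 the same checks apply; the only difference is that the signature is verified against the key whose kid appears in the header, fetched from the realm's JWKS endpoint (/realms/REALM/protocol/openid-connect/certs) and re-fetched when an unknown kid shows up, because Keycloak rotates realm keys. Note that by default a Keycloak access token's aud contains "account" and not the API's own client id; the audience check above presumes an audience mapper on the client, which is the configuration that makes the check meaningful.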
Identity brokering and federation
Identity brokering allows users to authenticate via external providers — social login with Google, Facebook, GitHub or any OIDC/SAML provider — without the application having to manage these integrations directly. Keycloak acts as an intermediary, normalising identities from different sources.
Federation with enterprise directories such as LDAP and Active Directory reuses the users already present in the existing infrastructure: Keycloak imports user entries into its own database on first login or by scheduled synchronisation, while in the default configuration password checks are still delegated to the directory by binding against it, so directory passwords are not copied into Keycloak.
Administration console
Keycloak includes a web administration console for managing realms, clients, users, roles and access policies without writing code; the same settings are exposed through the Admin REST API and the kcadm.sh command-line tool, and a whole realm can be exported and imported as JSON, which is how the configuration ends up under version control. Configuration covers password policies, brute-force protection, session and token lifetimes and multi-factor authentication (OTP and WebAuthn). For organisations looking for a ready-to-use IAM without the complexities of proprietary solutions, Keycloak represents a concrete alternative.
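What those console settings look like when kept declaratively is shown in the realm import file below. It is an added example, not a real export and not Keycloak documentation; the realm name, client ids, URLs and role names are assumptions, and a real export carries many more fields. The browser client is public, so it gets PKCE (S256) enforced, implicit flow and direct password grants disabled, an exact redirect URI and a back-channel logout URL so that Single Sign-Out reaches it; the API client is confidential and has no browser flows at all, since it only consumes tokens.

```json
{
  "realm": "demo",
  "enabled": true,
  "sslRequired": "external",
  "bruteForceProtected": true,
  "failureFactor": 5,
  "passwordPolicy": "length(12) and notUsername and notEmail and passwordHistory(5)",
  "accessTokenLifespan": 300,
  "ssoSessionIdleTimeout": 1800,
  "ssoSessionMaxLifespan": 36000,
  "roles": {
    "realm": [
      { "name": "stock-admin", "description": "May change stock levels" }
    ],
    "client": {
      "inventory-api": [
        { "name": "stock-read", "description": "May read stock levels" }
      ]
    }
  },
  "clients": [
    {
      "clientId": "web-frontend",
      "protocol": "openid-connect",
      "publicClient": true,
      "standardFlowEnabled": true,
      "implicitFlowEnabled": false,
      "directAccessGrantsEnabled": false,
      "redirectUris": ["https://shop.example.com/callback"],
      "webOrigins": ["https://shop.example.com"],
      "attributes": {
        "pkce.code.challenge.method": "S256",
        "backchannel.logout.url": "https://shop.example.com/logout",
        "post.logout.redirect.uris": "https://shop.example.com/"
      }
    },
    {
      "clientId": "inventory-api",
      "protocol": "openid-connect",
      "publicClient": false,
      "standardFlowEnabled": false,
      "implicitFlowEnabled": false,
      "directAccessGrantsEnabled": false,
      "serviceAccountsEnabled": false
    }
  ]
}
```

Import it with bin/kc.sh import --file realm.json, or place it under data/import/ and start the server with --import-realm. Two settings deserve a second look before production: sslRequired "external" still allows plain HTTP from private address ranges, so "all" is the stricter choice, and a redirectUris entry ending in a wildcard would undo the exact-match protection against redirect-based token theft.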
Link: keycloak.org
