Keycloak
An open-source identity and access management server.
Keycloak is an identity and access management server that provides single sign-on, identity brokering between external identity providers (LDAP, Active Directory, GitHub, Google, SAML 2.0 IDPs, OpenID Connect IDPs), and social login. Client applications integrate via OpenID Connect, OAuth 2.0, or SAML 2.0 — Keycloak adapter libraries exist for Java, Node.js, Python, and many other ecosystems.
Red Hat started Keycloak in 2014 and ships it as the upstream of "Red Hat build of Keycloak" (formerly RH-SSO). The 2023 move from WildFly to Quarkus as the underlying server runtime substantially reduced Keycloak's memory footprint and start-up time, which had been long-standing pain points.
Keycloak is one of the most widely deployed open-source IDPs in the wild. Universities, government agencies, and companies that do not want to build their own login system or pay for hosted SaaS auth use it as the authentication layer in front of internal applications. Federation features make it a sensible hub for "log in once, get access to all our internal apps" deployments.
Install
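Run as a container (start-dev is development mode, and the admin/admin credentials are for local testing only; production deployments use start with TLS and a strong admin password): docker run -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:latest start-dev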
Authors
- Red Hat
- Keycloak community