Architecture

  • Keycloak is an open-source identity and access management solution that provides single sign-on (SSO), identity brokering, and social login capabilities.

Core Components

  • Authentication Server: Central authentication service

  • Admin Console: Web-based management interface

  • Account Management Console: User self-service portal

  • Identity Providers: Integration with external identity systems

  • User Federation: LDAP/Active Directory integration

  • Themes: Customizable UI components

Architecture Patterns

  • Realm: Isolated security domain containing users, roles, and applications

  • Clients: Applications that request authentication

  • Users: End users who authenticate

  • Roles: Permissions and access control definitions

  • Groups: Collections of users for easier management

Security Model

  • OAuth 2.0 and OpenID Connect protocols

  • SAML 2.0 support

  • JWT token-based authentication

  • Multi-factor authentication (MFA)

  • Password policies and account lockout