Keycloak

Any opinions in this page are solely my own.  Please see the Service Evaluations Disclaimer for more information.

What is the service?

Information about the service (e.g. what it is, what it does, deployment method, etc.)

Keycloak provides identity management for applications. Users can either be managed directly within Keycloak or through a federated provider such as LDAP or Active Directory. Keycloak then acts as the identity provider for external applications over OAuth2 or SAML.

How could the home lab benefit from utilising the service?

Information on what the home lab could benefit from by utilising this technology

  • Single-sign-on to internal and external applications
  • Identity management in one place

Pros

  • Supports OAuth2 and SAML
  • Provides an administrative UI
  • Can, under the right set of circumstances, support no-click authentication (this relies on mutual TLS and specific settings)

Cons

  • Realms can be difficult to configure (and it is easy to forget which realm you are in)
  • UI is quite complex and exposes a significant amount of detail that may not be necessary
  • When zoomed in, the console is quite difficult to navigate due to layout choices
  • SCIM is not supported, so integrating with AWS is neither easy nor likely

Decision & Justification

Whether I chose to deploy it or not, and why

I have chosen NOT TO DEPLOY this service. It does not support SCIM, which means that it does not support the AWS IAM Identity Center integration natively. Additionally, the UI exposes a lot of complex options, many of which don't make sense or are quite confusing. While the option to support one-click authentication exists, it is not easy to set up and requires end-user configuration (which is not viable).