Migration

Migrating to Quarkus distribution
Migrate to the new Quarkus distribution from the legacy WildFly distribution

Getting started

OpenJDK
Get started with Keycloak on bare metal
Docker
Get started with Keycloak on Docker
Podman
Get started with Keycloak on Podman
Kubernetes
Get started with Keycloak on Kubernetes
OpenShift
Get started with Keycloak on OpenShift

Server

Configuring Keycloak
Understand how to configure and start Keycloak
Configuring Keycloak for production
Learn how to make Keycloak ready for production.
Running Keycloak in a container
Learn how to run Keycloak from a container image
Configuring TLS
Learn how to configure Keycloak's https certificates for ingoing and outgoing requests as well as mTLS.
Configuring the hostname (v2)
Learn how to configure the frontend and backchannel endpoints exposed by Keycloak.
Using a reverse proxy
Learn how to configure Keycloak together with a reverse proxy, api gateway, or load balancer.
Configuring the database
An overview about how to configure relational databases
Configuring distributed caches
Understand how to configure the caching layer
Configuring outgoing HTTP requests
How to configure the client used for outgoing HTTP requests.
Configuring trusted certificates
How to configure the Keycloak Truststore to communicate through TLS.
Enabling and disabling features
Understand how to configure Keycloak to use optional features
Configuring providers
Understand how to configure providers
Configuring logging
Learn how to configure Logging
FIPS 140-2 support
How to configure Keycloak server for FIPS compliance
Configuring the Management Interface
Learn how to configure Keycloak's management interface for endpoints like metrics and health checks.
Enabling Keycloak Health checks
Learn how to enable and use Keycloak health checks
Enabling Keycloak Metrics
Learn how to enable and expose metrics from the server
Importing and Exporting Realms
An overview about how to import and export realms
Using a vault
Learn how to use and configure a vault in Keycloak
All configuration
Complete list of all build options and configuration for Keycloak
All provider configuration
Complete list of all the available provider configuration options
Configuring the hostname (v1)
Learn how to configure the frontend and backchannel endpoints exposed by Keycloak.

Operator

Keycloak Operator Installation
How to install the Keycloak Operator on Kubernetes and OpenShift
Basic Keycloak deployment
How to install Keycloak using the Operator
Keycloak Realm Import
How to perform an automated Keycloak Realm Import using the operator
Advanced configuration
How to tune advanced aspects of the Keycloak CR
Using custom Keycloak images
How to customize and optimize the Keycloak Container

Securing applications

Apache APISIX external
Integrate Keycloak for Authentication with Apache APISIX
KrakenD external
Secure APIs with an API Gateway
Quarkus external
Using OpenID Connect and Keycloak to secure your Quarkus applications
Traefik Hub external
Use Keycloak as an identity provider or as an identity broker for Traefik Hub API management
WildFly external
Secure WildFly Applications with Keycloak

High availability

Multi-site deployments
Connect multiple Keycloak deployments in different sites to increase the overall availability
Concepts for active-passive deployments
Understanding an active-passive deployment with synchronous replication
Building blocks active-passive deployments
Overview of building blocks, alternatives and not considered options
Fail over to the secondary site
This describes the automatic and operational procedures necessary
Switch over to the secondary site
This topic describes the operational procedures necessary
Recover from an out-of-sync passive site
This describes the automatic and operational procedures necessary
Switch back to the primary site
This describes the operational procedures necessary