Getting started

OpenJDK
Get started with Keycloak on bare metal
Docker
Get started with Keycloak on Docker
Podman
Get started with Keycloak on Podman
Kubernetes
Get started with Keycloak on Kubernetes
OpenShift
Get started with Keycloak on OpenShift
Scaling
Get started with Keycloak scaling and tuning

Server

Configuring Keycloak
Understand how to configure and start Keycloak
Configuring Keycloak for production
Learn how to make Keycloak ready for production.
Admin bootstrap and recovery
Learn how to bootstrap and recover admin account.
Directory Structure
Understand the purpose of the directories under the installation root
Running Keycloak in a container
Learn how to run Keycloak from a container image
Configuring TLS
Learn how to configure Keycloak's https certificates for ingoing and outgoing requests.
Configuring the hostname (v2)
Learn how to configure the frontend and backchannel endpoints exposed by Keycloak.
Using a reverse proxy
Learn how to configure Keycloak together with a reverse proxy, api gateway, or load balancer.
Configuring the database
An overview about how to configure relational databases
Configuring distributed caches
Understand how to configure the caching layer
Configuring outgoing HTTP requests
How to configure the client used for outgoing HTTP requests.
Configuring trusted certificates
How to configure the Keycloak Truststore to communicate through TLS.
Configuring trusted certificates for mTLS
Learn how to configure Mutual TLS to verify clients that are connecting to Keycloak.
Enabling and disabling features
Understand how to configure Keycloak to use optional features
Configuring providers
Understand how to configure providers
Configuring logging
Learn how to configure Logging
FIPS 140-2 support
How to configure Keycloak server for FIPS compliance
Configuring the Management Interface
Learn how to configure Keycloak's management interface for endpoints like metrics and health checks.
Importing and Exporting Realms
An overview about how to import and export realms
Using a vault
Learn how to use and configure a vault in Keycloak
All configuration
Complete list of all build options and configuration for Keycloak
All provider configuration
Complete list of all the available provider configuration options
Update Compatibility Tool
Learn how to use this tool before upgrade Keycloak

Operator

Keycloak Operator Installation
How to install the Keycloak Operator on Kubernetes and OpenShift
Basic Keycloak deployment
How to install Keycloak using the Operator
Keycloak Realm Import
How to perform an automated Keycloak Realm Import using the operator
Advanced configuration
How to tune advanced aspects of the Keycloak CR
Using custom Keycloak images
How to customize and optimize the Keycloak Container

Observability

Enabling Keycloak Health checks
Learn how to enable and use Keycloak health checks
Enabling Keycloak Metrics
Learn how to enable and expose metrics from the server
Enabling Keycloak Event Metrics
Learn how to enable and use Keycloak Event Metrics
Keycloak service level indicators (SLIs)
Learn about the Service Level Indicators to monitor your Keycloak deployment's performance
Metrics for troubleshooting Keycloak deployment
Learn about metrics that can indicate where the issue is, for example, when service level objective is not met
Enabling Tracing
Learn how to enable distributed tracing in Keycloak
Keycloak Grafana dashboards
Learn how to import Keycloak provided Grafana dashboards to your Grafana instance

Securing applications

Planning for securing applications and services
Introduction and basic concepts for securing applications
Secure applications and services with OpenID Connect
Using OpenID Connect with Keycloak to secure applications and services
Keycloak JavaScript adapter
Client-side JavaScript library that can be used to secure web applications.
Keycloak Node.js adapter
Node.js adapter to protect server-side JavaScript apps
mod_auth_openidc Apache HTTPD Module
Configuring the mod_auth_openidc Apache module with Keycloak
Keycloak SAML Galleon feature pack for WildFly and EAP
Using Keycloak SAML Galleon feature pack to secure applications in WildFly and EAP
mod_auth_mellon Apache Module
Configuring the mod_auth_mellon Apache module with Keycloak
Docker registry
Configuring a Docker registry to use Keycloak
Client registration service
Using the client registration service
Client registration CLI
Automating Client Registration with the CLI
Using token exchange
Configuring and using Token exchange with Keycloak
Keycloak admin client
Using the Keycloak admin client to access the Keycloak Admin REST API
Keycloak authorization client
Using the Keycloak authz client administer and check permissions
Keycloak policy enforcer
Using the Keycloak policy enforcer in Java applications
Upgrading the Keycloak Client Libraries
How to upgrade the Keycloak Client Libraries

High availability

Multi-site deployments
Connect multiple Keycloak deployments in different sites to increase the overall availability
Concepts for multi-site deployments
Understanding a multi-site deployment with synchronous replication
Building blocks multi-site deployments
Overview of building blocks, alternatives and not considered options
Health checks for multi-site deployments
Validating the health of a multi-site deployment
Bring site online
This guide describes how to bring a site online so that it can process client requests.
Synchronize Sites
This describes the procedures required to synchronize an offline site with an online site
Take site offline
This describes how to take a site offline so that it no longer processes client requests

Migration

Migrating to Quarkus distribution
Migrate to the new Quarkus distribution from the legacy WildFly distribution