Getting started

OpenJDK
Get started with Keycloak on a physical or virtual server.
Docker
Get started with Keycloak on Docker.
Podman
Get started with Keycloak on Podman.
Kubernetes
Get started with Keycloak on Kubernetes.
OpenShift
Get started with Keycloak on OpenShift.
Scaling
Scale and tune your Keycloak installation.

Server

Configuring Keycloak
Configure and start Keycloak.
Configuring Keycloak for production
Prepare Keycloak for use in production.
Bootstrapping and recovering an admin account
Bootstrap Keycloak and recover access by creating a temporary admin account.
Directory Structure
Understand the purpose of the directories under the installation root.
Running Keycloak in a container
Run Keycloak from a container image.
Configuring TLS
Configure Keycloak's https certificates for ingoing and outgoing requests.
Configuring the hostname (v2)
Configure the frontend and backchannel endpoints exposed by Keycloak.
Configuring a reverse proxy
Configure Keycloak with a reverse proxy, API gateway, or load balancer.
Configuring the database
Configure a relational database for Keycloak to store user, client, and realm data.
Configuring distributed caches
Configure the caching layer to cluster multiple Keycloak instances and to increase performance.
Configuring outgoing HTTP requests
Configure the client used for outgoing HTTP requests.
Configuring trusted certificates
Configure the Keycloak Truststore to communicate through TLS.
Configuring trusted certificates for mTLS
Configure Mutual TLS to verify clients that are connecting to Keycloak.
Enabling and disabling features
Configure Keycloak to use optional features.
Configuring providers
Configure providers for Keycloak.
Configuring logging
Configure logging for Keycloak.
FIPS 140-2 support
Configure Keycloak server for FIPS compliance.
Configuring the Management Interface
Configure Keycloak's management interface for endpoints such as metrics and health checks.
Importing and exporting realms
Import and export realms as JSON files.
Using a vault
Configure and use a vault in Keycloak.
All configuration
Review build options and configuration for Keycloak.
All provider configuration
Review provider configuration options.
Checking if rolling updates are possible
Execute the update compatibility command to check if Keycloak supports a rolling update for a change in your deployment.

Operator

Keycloak Operator Installation
Install the Keycloak Operator on Kubernetes and OpenShift.
Basic Keycloak deployment
Install Keycloak using the Operator.
Automating a realm import
Automate a realm import using the operator.
Advanced configuration
Tune advanced aspects of the Keycloak CR.
Avoiding downtime with rolling updates
Avoid downtime when changing themes, providers, or configurations in optimized images.
Using custom Keycloak images
Customize and optimize the Keycloak container.

Observability

Tracking instance status with health checks
Check if an instance has finished its start up and is ready to serve requests by calling its health REST endpoints.
Gaining insights with metrics
Collect metrics to gain insights about state and activities of a running instance of Keycloak.
Monitoring user activities with event metrics
Event metrics provide an aggregated view of user activities in a Keycloak instance.
Monitoring performance with Service Level Indicators
Track performance and reliability as perceived by users with Service Level Indicators (SLIs) and Service Level Objectives (SLOs).
Troubleshooting using metrics
Use metrics for troubleshooting errors and performance issues.
Root cause analysis with tracing
Record information during the request lifecycle with OpenTelementry tracing to identify root cases for latencies and errors in Keycloak and connected systems.
Visualizing activities in dashboards
Install the Keycloak Grafana dashboards to visualize the metrics that capture the status and activities of your deployment.
Analyzing outliers and errors with exemplars
Use exemplars to connect a metric to a recorded trace to analyze the root cause of errors or latencies.

Securing applications

Planning for securing applications and services
Understand basic concepts for securing applications.
Securing applications and services with OpenID Connect
Use OpenID Connect with Keycloak to secure applications and services.
Keycloak JavaScript adapter
Client-side JavaScript library that can be used to secure web applications.
Keycloak Node.js adapter
Node.js adapter to protect server-side JavaScript apps
Configuring the mod_auth_openidc Apache HTTPD Module
Configure the mod_auth_openidc Apache module with Keycloak.
Keycloak SAML Galleon feature pack for WildFly and EAP
Using Keycloak SAML Galleon feature pack to secure applications in WildFly and EAP.
Configuring the mod_auth_mellon Apache Module
Configure the mod_auth_mellon Apache module with Keycloak.
Configuring a Docker registry
Configure a Docker registry to use Keycloak.
Using the client registration service
Use the client registration service.
Automating client registration with the CLI
Use the CLI to automate client registration.
Configuring and using token exchange
Configure and use token exchange for Keycloak.
Keycloak admin client
Using the Keycloak admin client to access the Keycloak Admin REST API
Keycloak authorization client
Using the Keycloak authz client administer and check permissions
Keycloak policy enforcer
Using the Keycloak policy enforcer in Java applications
Upgrading the Keycloak Client Libraries
How to upgrade the Keycloak Client Libraries

High availability

Multi-site deployments
Connect multiple Keycloak deployments in different sites to increase the overall availability.
Concepts for multi-site deployments
Understand multi-site deployment with synchronous replication.
Building blocks multi-site deployments
Learn about building blocks and suggested setups for multi-site deployments.
Taking a site offline
Take a site offline so that it no longer processes client requests.
Bringing a site online
Bring a site online so that it can process client requests.
Synchronizing sites
Synchronize an offline site with an online site.
Health checks for multi-site deployments
Validate the health of a multi-site deployment.

Migration

Migrating to Quarkus distribution
Migrate to the new Quarkus distribution from the legacy WildFly distribution