KeyConf24

Configuring Keycloak through REST APIs, UI or 3rd party tools might not be suitable for all use cases. In this talk Václav will show a sneak peek of what the Keycloak team is currently brewing around declarative configuration. What does it take to add native support for configuration-as-code to Keycloak? What are the options and what challenges do we face with them? What worked for us and what did not? How to design a good declarative API? And how to extend it to the cloud-native world of Operator CRs, GitOps, and beyond that?

In this talk, Marek will highlight the most important features, which were contributed to the Keycloak in the past year. He will focus on the core features related to user experience and realm administration. The special focus will be on those features:

User profile

User profile provides fine-grained control over the attributes that users and administrators can manage so that you can prevent unexpected attributes and values from being set. In the session, we will show how administrator can configure user profile attributes, provide the validations and custom annotations with the details on how the attributes will be shown on the user forms. Also we will touch on progressive profiling, which provides ability to specify that some fields are required or available on the forms just for particular values of scope parameter.

Organizations

This is brand new feature added as a preview in Keycloak 25, which provides a realm with some core multi-tenancy capabilities with the possibility to address Business-to-Business (B2B) and Business-to-Business-to-Customers (B2B2C) use cases.

If time permits and there is an interest, we can touch on management on possible ideas for the future roadmap. This session is ideal for Keycloak administrators and developers.

Operate a OpenID FAPI Compliant open banking platform Banfico works with Openresty as the API Gateway / Resource Server. In the talk, Pritish will cover the architecture and the orchestration using Keycloak and OpenResty in their OpenShift platform. Also brief about the Lua scripting to develop plugins related to FAPI Introspection, Open Banking policies, Caching, and API Analytics.

As digital threats continuously evolve, traditional authentication methods often fall short and are insufficient in today's dynamic security landscape. It needs to adapt to different risk levels and ever-changing contexts, such as user location, device, and behavior, to ensure a secure and user-friendly experience.
This presentation introduces the importance of adaptive authentication within Keycloak, showcasing how modern techniques combined with machine learning can transform identity and access management.
This allows server administrators to detect anomalies and respond to emerging threats more effectively, ensuring that sensitive resources are protected. We provide step-by-step guidance and a demo on configuring and deploying these techniques in your Keycloak environment.

The OAuth SIG has been recently focusing mostly on FAPI, Verifiable Credentials and related technologies. However, there is quite a lot happening in the Internet standards world outside of FAPI and VC realms. In this talk, Dmitry will give an overview of selected upcoming Internet standards being currently discussed at IETF:

• OAuth 2.0 for First-Party Applications
• Transaction Tokens
• OAuth Identity and Authorization Chaining Across Domains
• OAuth Client ID Metadata Document

For the above prospective standards, we will talk about benefits of having them implemented in Keycloak, assess Keycloak's readiness for their adoption, and discuss potential implementation challenges."

Keycloak is a mature, extensible Identity and Access Management (IAM) system. It is built as a set of Service Provider Interfaces (SPIs) and implementations that allow excellent configuration and programmatic extensibility, including augmenting and replacing almost all parts of the core implementation. This talk presents an overview of Keycloak’s commonly used extension mechanisms, best practices for development and testing of extensions, and several exemplary, real-world examples. Finally, it puts it all together with a deep-dive into one such extension, using what we learned.