KeyConf24

19 Sep 2024Vienna, Austria 9am - 4pm
Our annual conference dedicated to the Keycloak users' community to interact, learn, share, and exchange notes on Keycloak IAM technology and use cases.
100+
Attendees
1
Day
1
Keynote
9
Talks

About KeyConf

The event is organised with support from the "Keycloak - OAuth2 Special Interest Group," which contributed to building OpenID FAPI standards into Keycloak. There is more standards-related work in progress, and it is a great opportunity to interact with the contributors and be part of such amazing contributions.

Why Join Us

  • Keynote speakers and networking opportunities.
  • In-person for a chance to learn from industry experts.
  • Connect with like-minded professionals.
  • Networking lunch.

Speakers & MC

We are delighted to be able to present you with a high-quality speaker line-up consisting of leading Keycloak developers, maintainers & experts. As the Master of Ceremony, Nathalia Pinesi will lead through the day.
Nathalia Pinesi
Nathalia Pinesi
Head of Demand Generation
adorsys
Read more →
Daniel Goldschneider
Daniel Goldschneider
Founder & CEO
The OpenWallet Foundation
Read more →
Vinod Anandan
Vinod Anandan
Application Security & DevSecOps
JPMorgan Chase & Co.
Read more →
Francis Pouatcha
Francis Pouatcha
Co-Founder & Technical Lead
adorsys
Read more →
Takashi Norimatsu
Takashi Norimatsu
Senior OSS Specialist
Hitachi, Ltd.
Read more →
Václav Muzikář
Václav Muzikář
Principal Software Engineer
Red Hat
Read more →
Marek Posolda
Marek Posolda
Principal Software Engineer
Red Hat
Read more →
Pritish Joshi
Pritish Joshi
Technical Architect
Banfico
Read more →
Martin Bartoš
Martin Bartoš
Senior Software Engineer
Red Hat
Read more →
Dmitry Telegin
Dmitry Telegin
Principal Backend Engineer
Backbase UK
Read more →
GR Patil
GR Patil
Co-founder & CEO
Phase Two
Read more →
Martin Besozzi
Martin Besozzi
Founder | IAM Architect
TwoGenIdentity
Read more →

Schedule

9:00 - 9:50

Registration & Welcome Coffee

9:50 - 10:00

Opening Remarks and Welcome from adorsys

10:00 - 10:30

Keynote

Wallets are Key - the state of play from Bangalore to Brussels

Daniel will answer:
  • Why are wallets critical digital infrastructure?
  • Who are the players?
  • Why should public and private sector work together?
  • What could this partnership look like?

10:30 - 10:40

SIG Community Message

The Journey, Achievements, and Significance of the Keycloak SIG Community

In his talk, Vinod will highlight the history, achievements, and importance of the Keycloak SIG community.

10:40 - 11:00

Talk

Streamlining Keycloak Configuration Management: Exploring keycloak-config-cli

Managing Keycloak configurations across multiple environments can quickly become complex and error-prone. This talk will explore the challenges of manual configuration management and demonstrate how to overcome them using the keycloak-config-cli, a powerful utility developed by adorsys. Attendees will learn:
  • How to define and maintain desired realm states using JSON or YAML configuration files. Best practices for version control and collaboration on Keycloak configurations.
  • Techniques for applying configuration changes seamlessly, without requiring Keycloak restarts.
  • Real-world use cases and examples showcasing the efficiency and flexibility of keycloak-config-cli. This session is ideal for Keycloak administrators, developers, and DevOps engineers who want to simplify their configuration workflows, improve reliability, and enhance collaboration on Keycloak projects.

11:00 - 11:30

Talk

Keycloak's Updates on Emerging Paradigm of Identity and Compliance with Security Specifications

In Europe, interest in De-centralized Identity (DID) and Self-sovereign identity (SSI) are increasing as the European Commission released "The European Digital Identity Wallet Architecture and Reference Framework" for eIDAS 2.0. The latest Keycloak supported an experimental feature OpenID for Verifiable Credential Issuance (OID4VCI) for this emerging paradigm of identity by keycloak's community like OAuth SIG. In his talk, Takashi describes the OID4VCI support provided by Keycloak in detail. He also outlines a plan to enhance this experimental OID4VCI support in the future. Additionally, he discusses Keycloak's latest compliance with FAPI 2.0 and OAuth 2.1.

11:30 - 12:00

Talk

Building declaratively configured Keycloak

Configuring Keycloak through REST APIs, UI or 3rd party tools might not be suitable for all use cases. In this talk Václav will show a sneak peek of what the Keycloak team is currently brewing around declarative configuration. What does it take to add native support for configuration-as-code to Keycloak? What are the options and what challenges do we face with them? What worked for us and what did not? How to design a good declarative API? And how to extend it to the cloud-native world of Operator CRs, GitOps, and beyond that?

12:00 - 13:00

Lunch Break

Let's have some delicious food together.

13:00 - 13:30

Talk

Core Keycloak features developed in past 12 months

In this talk, Marek will highlight the most important features, which were contributed to the Keycloak in the past year. He will focus on the core features related to user experience and realm administration. The special focus will be on those features:
User profile
User profile provides fine-grained control over the attributes that users and administrators can manage so that you can prevent unexpected attributes and values from being set. In the session, we will show how administrator can configure user profile attributes, provide the validations and custom annotations with the details on how the attributes will be shown on the user forms. Also we will touch on progressive profiling, which provides ability to specify that some fields are required or available on the forms just for particular values of scope parameter.
Organizations
This is brand new feature added as a preview in Keycloak 25, which provides a realm with some core multi-tenancy capabilities with the possibility to address Business-to-Business (B2B) and Business-to-Business-to-Customers (B2B2C) use cases.
If time permits and there is an interest, we can touch on management on possible ideas for the future roadmap. This session is ideal for Keycloak administrators and developers.

13:30 - 14:00

Talk

Integrating Keycloak with Openresty as a resource server in Open Banking

Operate a OpenID FAPI Compliant open banking platform Banfico works with Openresty as the API Gateway / Resource Server. In the talk, Pritish will cover the architecture and the orchestration using Keycloak and OpenResty in their OpenShift platform. Also brief about the Lua scripting to develop plugins related to FAPI Introspection, Open Banking policies, Caching, and API Analytics.

14:00 - 14:30

Talk

Unlocking adaptive authentication with Keycloak

As digital threats continuously evolve, traditional authentication methods often fall short and are insufficient in today's dynamic security landscape. It needs to adapt to different risk levels and ever-changing contexts, such as user location, device, and behavior, to ensure a secure and user-friendly experience.
This presentation introduces the importance of adaptive authentication within Keycloak, showcasing how modern techniques combined with machine learning can transform identity and access management.
This allows server administrators to detect anomalies and respond to emerging threats more effectively, ensuring that sensitive resources are protected. We provide step-by-step guidance and a demo on configuring and deploying these techniques in your Keycloak environment.

14:30 - 14:45

Coffee Break

14:45 - 15:15

Talk

New and Noteworthy in the OAuth World

The OAuth SIG has been recently focusing mostly on FAPI, Verifiable Credentials and related technologies. However, there is quite a lot happening in the Internet standards world outside of FAPI and VC realms. In this talk, Dmitry will give an overview of selected upcoming Internet standards being currently discussed at IETF:
  • OAuth 2.0 for First-Party Applications
  • Transaction Tokens
  • OAuth Identity and Authorization Chaining Across Domains
  • OAuth Client ID Metadata Document
For the above prospective standards, we will talk about benefits of having them implemented in Keycloak, assess Keycloak's readiness for their adoption, and discuss potential implementation challenges."

15:15 - 15:45

Talk

Extending Keycloak for All Your Identity Use Cases

Keycloak is a mature, extensible Identity and Access Management (IAM) system. It is built as a set of Service Provider Interfaces (SPIs) and implementations that allow excellent configuration and programmatic extensibility, including augmenting and replacing almost all parts of the core implementation. This talk presents an overview of Keycloak’s commonly used extension mechanisms, best practices for development and testing of extensions, and several exemplary, real-world examples. Finally, it puts it all together with a deep-dive into one such extension, using what we learned.

15:45 - 16:00

Closing Remarks

Enhancing User Experience with Native Authentication and Passkeys in Keycloak

If you are tired of browser-based authentication, which relies on the traditional redirect model or browser pop-ups in native app scenarios, there is now a proposed standard called OAuth 2.0 for First-Party Applications. This standard offers an API-based authentication approach, allowing first-party apps to control the login experience based on information returned by the Identity Provider.
As a result, friction can be reduced, and potential user drop-off minimized, while enhancing the overall user experience. The purpose of this presentation is to review the standard and provide an overview of all the benefits.

What's included?

  • Talks from industry-leading speakers
  • FREE drinks, refreshments and lunch
  • Live stream and recorded talks

Venue

Location

ARCOTEL Kaiserwasser Wien
8 Wagramer Straße
1220 Wien
Austria

Directions

Please use Google Maps to find out how to get there.

Google Maps

A big 'Thank You' to our Organizer & Sponsors