Search results

Showing SQL statements with Keycloak

Sometimes you might find yourself wondering whether there is some paranormal activity going on with your keycloak and its database. To check if things are still in the realm of physical reality, and to restore your child's faith in the programmer who never makes mistakes, it might be soothing to check what's actually happening to […]

Dealing with multiple AWS accounts with one Keycloak client for Single-Sign On

This article assumes that the user backend for Keycloak is FreeIPA. Regardless of that the instructions will apply to any other setup with minor modifications. Here we use two different AWS accounts renamed to 123412341234 and 567856785678 to protect the personal information of the innocent. The Keycloak staging cluster on which this integration was done […]

Gitlab SAML to Keycloak Setup

Integrating Keycloak with Gitlab SAML makes it easier to manage users in an organization from a central point. You could manage separate accounts on Gitlab, but for us it makes sense to utilize Keycloak as we are already using it for other applications. The first step is to create a Gitlab SAML client in the […]

Solving an Apache Mellon redirect loop mystery

If you’re at all like me, you every now and then find yourself thrown out of your comfort zone, when you should actually be in it. The pattern usually goes something like this: It’s something simple. I’ll fix it in a couple of minutes and document it for others. I know my stuff.  Hmm, this […]

Authenticating and authorizing Grafana users from FreeIPA groups via Keycloak identity and access management solution

Grafana is a common tool to visualize data from multiple datasources. Perhaps the most common datasource is Prometheus. If an organization has a Single-Sign On solution, it makes sense to authenticate users centrally with that solution That will make authentication easier and friendlier for end users (authenticate once and then access multiple services), and also […]

Making sense of JBOSS/Wildfly interfaces in domain mode

In this blog we consider JBoss/Wildfly domain mode in the context of the wonderful Keycloak software. It is not necessarily trivial to understand how the interfaces  should be configured, especially if you want to do something other than the defaults, for example to secure your Wildfly/JBOSS configuration, or if you are dealing with a more […]

Keycloak, Wildfly and Infinispan caches

We recently hit an interesting issue with an "almost in production" Keycloak high-availability clustered domain mode setup that was behind an Amazon EC2 load balancer with sticky sessions enabled. The symptom was that changes from the domain controller did not propagate to the slave. This included: Changes made to realms and clients using the Admin […]

Managing Keycloak configuration programmatically

Keycloak is an excellent Open Source Identity and Access Management solution that builds on top of the Wildfly application server. We manage several Keycloak installations for providing SSO with FreeIPA credentials for self-hosted and SaaS services via SAML and OIDC. To keep our Keycloak configurations healthy and in a known-good state we manage their configurations […]