Keycloak

Keycloak is an open-source identity and access management solution that provides authentication and authorization services for applications and services. The platform supports single sign-on (SSO) capabilities, allowing users to authenticate once and access multiple applications without repeated login prompts. The solution implements multi-factor authentication (MFA) including support for passkeys, recovery codes, and WebAuthn standards. Keycloak offers identity federation capabilities, enabling integration with external identity providers and supporting standard protocols such as OpenID Connect, OAuth 2.0, and SAML 2.0. Keycloak includes user management features with support for user registration, account management, and credential management. The platform provides token exchange mechanisms including JWT authorization grants and DPoP (Demonstrating Proof-of-Possession) support for enhanced security. The system supports organizational structures through its Organizations feature and offers customizable authentication flows through experimental workflow capabilities. Keycloak can issue verifiable credentials over OpenID4VCI protocol and supports federated client authentication. The platform includes session management with options for persistent user sessions and various storage configurations. Keycloak provides observability features for monitoring and includes email authentication capabilities with XOAUTH support. The solution offers extensibility through custom providers and supports deployment in containerized environments including Kubernetes.