Is there a dead simple guide to keycloak authorization policies?
I basically want to prevent all users from accessing an application *unless* they have a specific role (which grants them access through their group)
The policy seemingly always evaluates as deny for now, even though there's sometimes a permit, but even with it evaluating to deny, I can still login to the application?
XDEV is at Java Forum Nord 2025 on Sep 16 
! Richard Fichtner & Stefan Böhringer (Uni Regensburg) will share insights on how Java, standards & community saved the ByLeS project. Learn how to scale secure Java apps! Get your tickets now.
#Quarkus #JakartaEE #Keycloak @JavaForumNord @uni_regensburg
Just moved al my #git repos from #GitHub to my own #Forgejo instance.
I did complete setup with #sso (single sign on) using #KeyCloak and with in-docker runner.
Up until today's morning I was going to install gitlab, but I was persuaded by being presented as lightweight, fully selfhostable, 100% open and with federating features on the way.
Looking forward to try some federation stuff.
https://git.skorpil.cz/explore/repos
Something to look out for - Ferriskey. Aims to be a Keycloak replacement.
@Tutanota My favorite #Degoogle and #Demicrosoft solutions:
Server side: @doncow, @nextcloud, some #Fediverse projects, #Matrix (Synapse) #Keycloak for SSO
Client side (Linux): #Evolution, #Libreoffice, #Librewolf
Mobile ( @GrapheneOS ): #FairEmail, #Firefox, some Fediverse clients, Matrix client
Understanding Keycloak: An Identity Management Solution for .NET Developers
Kennt sich hier jemand mit #Keycloak Authorizations und Policies aus? Der kann sich gerne bei mir mal melden via PM
How to Deploy #Keycloak on #Ubuntu #VPS Here’s a clear and detailed how-to guide for how to deploy Keycloak on Ubuntu VPS. This guide uses Keycloak in standalone mode with PostgreSQL as the database and NGINX as a reverse proxy with SSL.
What is Keycloak?
Keycloak is an open-source identity and access management (IAM) solution developed by Red Hat. It provides authentication, authorization, and user management features for modern applications and ...
Continued 
https://blog.radwebhosting.com/how-to-deploy-keycloak-on-ubuntu-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.social
On weekend I managed to connect all my selfhosted services that support it to the #Keycloak #SSO (single sign on).
Namely #Mastodon #Peertube #NextCloud #FreshRSS #Matomo and #grafana
Why to bother with such complication for apps serving only a couple of users?
First it's quite easy nowadays.
And second, because I want to get rid of passwords and just use #passkeys .
This is one of many examples showing that good apps should just focus on one task and just use standards to cooperate with other apps focusing on other tasks.
Peertube for example focuses on videos, not user management. I am very OK that they don't support passkeys, because they implemented OpenId Connect standard to allow me use Keycloak for better login options.
On the other hand, I am quite sad that SSO is often the one feature, that is proprietary and reserved only for paying customers. SSO is not for huge corporations anymore. It's also usefull for us, selfhosters with couple of users.
Kurzer Nachtrag, ich möchte ja auch Lösungen liefern:
Sollte jemand interesse an einer skalierbaren, sicheren und preiswerten Infrastruktur inkl. Chat, Video, Cloud (inkl Collabora), Wiki, Mastodon, sowie Groupware (open XChange) und IDM an alle Dienste interessiert sein, gerne melden. Wir haben dieses System letztes Jahr mit dem Relaunch des NABU-Netz komplett auf open-source Basis für mehrere tausend Personen bereits umgesetzt.
Keycloak parece ser uma solução tão massa como provedor de identidade, porque é tão difícil de achar treinamentos envolvendo ele?
@infosec812 Hej Deven, this is what I was building that involved #Keycloak. Now that I have this full end to end integration test, I’m quite happy about the solution
Nous avons développé le plugin keycloak-altcha, un captcha pour #Keycloak basé sur #ALTCHA :
https://git.lacontrevoie.fr/lacontrevoie/keycloak-altcha
https://altcha.org/
Il ne nécessite pas de résoudre un puzzle ou de cliquer sur des feux de signalisation, mais simplement d’attendre quelques secondes : c’est un captcha « proof-of-work ».
Il fonctionne de la même manière que le plugin Anubis, utilisé par de nombreux logiciels libres ces derniers mois.
Nous accueillerions volontiers des contributions au code :)
Ces derniers mois, nous avons travaillé sur la conception d’un nouvel espace membre basé sur le logiciel libre #Keycloak !
Ce nouvel espace permet de n’avoir qu’un seul compte pour toutes les applications que nous proposons, offrant ainsi l’aspect pratique d’un compte Google… sans la revente de données ;)
Nous avons apporté un soin tout particulier à l’interface de ces plateformes, pour qu’elles soient agréables à regarder et faciles à utiliser. On espère qu’elles vous plairont !
Blogged: kickstarter guide for using Keycloak as identity provider
Texto bem abrangente sobre autenticação e autorização federadas usando Keycloak IAM
https://mi-do.medium.com/keycloak-and-identity-federation-c8942003f197
️ 
