keycloak/keycloak
Summary
Keycloak is an open-source identity and access management tool that provides authentication, authorization, and user management for applications, with support for social login, single sign-on, and fine-grained access control.
View Cached Full Text
Cached at: 06/27/26, 11:15 AM
keycloak/keycloak
Source: https://github.com/keycloak/keycloak
Open Source Identity and Access Management
Add authentication to applications and secure services with minimum effort. No need to deal with storing users or authenticating users.
Keycloak provides user federation, strong authentication, user management, fine-grained authorization, and more.
Help and Documentation
- Documentation
- User Mailing List - Mailing list for help and general questions about Keycloak
- Join #keycloak for general questions, or #keycloak-dev on Slack for design and development discussions, by creating an account at https://slack.cncf.io/.
Reporting Security Vulnerabilities
If you have found a security vulnerability, please look at the instructions on how to properly report it.
Reporting an issue
If you believe you have discovered a defect in Keycloak, please open an issue. Please remember to provide a good summary, description as well as steps to reproduce the issue.
Getting started
To run Keycloak, download the distribution from our website. Unzip and run:
bin/kc.[sh|bat] start-dev
Alternatively, you can use the Docker image by running:
docker run quay.io/keycloak/keycloak start-dev
For more details refer to the Keycloak Documentation.
Building from Source
To build from source, refer to the building and working with the code base guide.
Testing
To run tests, refer to the running tests guide.
Writing Tests
To write tests, refer to the writing tests guide.
Contributing
Before contributing to Keycloak, please read our contributing guidelines. Participation in the Keycloak project is governed by the CNCF Code of Conduct.
Joining a community meeting is a great way to get involved and help shape the future of Keycloak.
Code of Conduct
We are committed to providing a safe, welcoming, and constructive environment for all Keycloak contributors and users.
To protect this space, we actively enforce our Code of Conduct.
If you wish to report an incident or appeal a moderation decision, please email [email protected].
Other Keycloak Projects
- Keycloak - Keycloak Server and Java adapters
- Keycloak Client - Keycloak client libraries
- Keycloak QuickStarts - QuickStarts for getting started with Keycloak
- Keycloak Node.js Connect - Node.js adapter for Keycloak
License
Similar Articles
JumpServer: Open-Source Privileged Access Management
JumpServer is an open-source Privileged Access Management (PAM) platform that provides secure, on-demand access to SSH, RDP, Kubernetes, Database, and RemoteApp endpoints through a web browser.
logto-io/logto
Logto is an open-source auth infrastructure for SaaS and AI apps, supporting OIDC, OAuth 2.1, SAML, multi-tenancy, enterprise SSO, and RBAC.
Zero-Touch OAuth for MCP
The Enterprise-Managed Authorization extension for MCP is now stable, allowing organizations to centrally manage authorization for MCP servers and enabling zero-touch OAuth for end-users. Adopted by Anthropic, Microsoft, and Okta.
@ycombinator: Clawvisor (@clawvisor) lets you give AI agents access to apps like Gmail and Slack without handing over your credential…
Clawvisor is a new authorization layer for AI agents that enables secure access to apps like Gmail and Slack without exposing credentials or allowing rogue actions, solving key safety issues in agent deployment.
We shipped an MCP server where agents inherit human identity. Then we had to figure out where that identity comes from.
We shipped an MCP server where agents inherit human identity, implementing OAuth 2.1 federation and per-IdP claim mappers to solve agent identity management and RBAC policy evaluation.