Physics
Keycloak Architecture
Keycloak is an open-source Identity and Access Management solution aimed at modern applications and services. Its architecture comprises numerous essential components, resulting in a highly adaptable and comprehensive platform.
Read more:
Keycloak Server
Keycloak Server is the core component, responsible for creating and managing identities.
Read more:
User Storage SPI
This is where Keycloak stores the user data like usernames, passwords, profiles, and more. It can be either a built-in database or an existing user store.
Identity Brokering
Identity Brokering deals with user identity linking and automating social login through external providers like Google and Facebook.
Tokens and Session Management
This component handles user sessions and JWT (JSON Web Tokens) generation for secure and stateless communication.
Event Management
Event Management monitors all user events and admin events to provide an audit log. It allows integration with external logging systems.
Keycloak Adapters
Adapters are integrated with the application server or application, causing them to become Keycloak-aware.
Read more:
Client Adapters
These adapters are specifically designed for different programming languages and frameworks.
Protocol Mappers
Protocol Mappers convert user session data into tokens.
HTTP Clients
Keycloak HTTP clients send requests to the Keycloak server.
Keycloak Admin Console
This provides GUI to manage the Keycloak server.
Read more:
Users
The Users section is for managing the users, their roles, credentials, and other user-related attributes.
Apps and Clients
The Apps and Clients setting allows the management of applications and clients that use Keycloak for authentication and authorization.
Authentication
The Authentication section allows setting up and management of authentication flows and rules.
Roles
Roles are defined here to help manage access controls.
Keycloak Themes
Keycloak Themes provide a custom look and feel for the UI.
Read more:
Login Theme
Handle the login, OTP, grant, registrations and error pages.
Admin Console Theme
Customize the look and feel of the Admin console.
Account Management Theme
Customize the look and feel of the user account management console.
Keycloak Clustering
Keycloak supports clustering capability to ensure high availability of the service.
Read more:
Infinispan
Infinispan is used for caching, sessions, user sessions, offline tokens, etc.
Database
Stores long-lived data more permanently.
Load Balancing
Uses load balancing techniques to distribute the work evenly across the cluster.