These guides are for the unstable nightly release, for the latest release go here.
Getting started
OpenJDK
Get started with Keycloak on bare metal
Docker
Get started with Keycloak on Docker
Podman
Get started with Keycloak on Podman
Kubernetes
Get started with Keycloak on Kubernetes
OpenShift
Get started with Keycloak on OpenShift
Scaling
Get started with Keycloak scaling and tuning
Server
Configuring Keycloak
Understand how to configure and start Keycloak
Configuring Keycloak for production
Learn how to make Keycloak ready for production.
Admin bootstrap and recovery
Learn how to bootstrap and recover admin account.
Directory Structure
Understand the purpose of the directories under the installation root
Running Keycloak in a container
Learn how to run Keycloak from a container image
Configuring TLS
Learn how to configure Keycloak's https certificates for ingoing and outgoing requests.
Configuring the hostname (v2)
Learn how to configure the frontend and backchannel endpoints exposed by Keycloak.
Using a reverse proxy
Learn how to configure Keycloak together with a reverse proxy, api gateway, or load balancer.
Configuring the database
An overview about how to configure relational databases
Configuring distributed caches
Understand how to configure the caching layer
Configuring outgoing HTTP requests
How to configure the client used for outgoing HTTP requests.
Configuring trusted certificates
How to configure the Keycloak Truststore to communicate through TLS.
Configuring trusted certificates for mTLS
Learn how to configure Mutual TLS to verify clients that are connecting to Keycloak.
Enabling and disabling features
Understand how to configure Keycloak to use optional features
Configuring providers
Understand how to configure providers
Configuring logging
Learn how to configure Logging
FIPS 140-2 support
How to configure Keycloak server for FIPS compliance
Configuring the Management Interface
Learn how to configure Keycloak's management interface for endpoints like metrics and health checks.
Importing and Exporting Realms
An overview about how to import and export realms
Using a vault
Learn how to use and configure a vault in Keycloak
All configuration
Complete list of all build options and configuration for Keycloak
All provider configuration
Complete list of all the available provider configuration options
Checking if rolling updates are possible
Execute the update compatibility command to check if Keycloak supports a rolling update for a change in your deployment.
Operator
Keycloak Operator Installation
How to install the Keycloak Operator on Kubernetes and OpenShift
Basic Keycloak deployment
How to install Keycloak using the Operator
Keycloak Realm Import
How to perform an automated Keycloak Realm Import using the operator
Advanced configuration
How to tune advanced aspects of the Keycloak CR
Avoiding downtime with rolling updates
Avoid downtimes when changing themes, providers or configurations in optimized images.
Using custom Keycloak images
How to customize and optimize the Keycloak Container
Observability
Tracking instance status with health checks
Check if an instance has finished its start up and is ready to serve requests by calling its health REST endpoints.
Gaining insights with metrics
Collect metrics to gain insights about state and activities of a running instance of Keycloak.
Monitoring user activities with event metrics
Event metrics provide admins an aggregated view of the different user activities in a Keycloak instance.
Monitoring performance with Service Level Indicators
Track performance and reliability as perceived by users with Service Level Indicators (SLIs) and Service Level Objectives (SLOs).
Troubleshooting using metrics
Learn which metrics exist and how to use them for troubleshooting errors and performance issues.
Root cause analysis with tracing
Record information during the request lifecycle with OpenTelementry tracing to identify root cases for latencies and errors in Keycloak and connected systems.
Visualizing activities in dashboards
Install the Keycloak Grafana dashboards to visualize the metrics that capture the status and activities of your deployment.
Analyzing outliers and errors with exemplars
Use exemplars to connect a metric to a recorded trace to analyze the root cause of errors or latencies.
Securing applications
Planning for securing applications and services
Introduction and basic concepts for securing applications
Secure applications and services with OpenID Connect
Using OpenID Connect with Keycloak to secure applications and services
Keycloak JavaScript adapter
Client-side JavaScript library that can be used to secure web applications.
Keycloak Node.js adapter
Node.js adapter to protect server-side JavaScript apps
mod_auth_openidc Apache HTTPD Module
Configuring the mod_auth_openidc Apache module with Keycloak
Keycloak SAML Galleon feature pack for WildFly and EAP
Using Keycloak SAML Galleon feature pack to secure applications in WildFly and EAP
mod_auth_mellon Apache Module
Configuring the mod_auth_mellon Apache module with Keycloak
Docker registry
Configuring a Docker registry to use Keycloak
Client registration service
Using the client registration service
Client registration CLI
Automating Client Registration with the CLI
Using token exchange
Configuring and using Token exchange with Keycloak
Keycloak admin client
Using the Keycloak admin client to access the Keycloak Admin REST API
Keycloak authorization client
Using the Keycloak authz client administer and check permissions
Keycloak policy enforcer
Using the Keycloak policy enforcer in Java applications
Upgrading the Keycloak Client Libraries
How to upgrade the Keycloak Client Libraries
High availability
Multi-site deployments
Connect multiple Keycloak deployments in different sites to increase the overall availability
Concepts for multi-site deployments
Understanding a multi-site deployment with synchronous replication
Building blocks multi-site deployments
Overview of building blocks, alternatives and not considered options
Take site offline
This describes how to take a site offline so that it no longer processes client requests
Bring site online
This guide describes how to bring a site online so that it can process client requests.
Synchronize Sites
This describes the procedures required to synchronize an offline site with an online site
Health checks for multi-site deployments
Validating the health of a multi-site deployment
Migration
Migrating to Quarkus distribution
Migrate to the new Quarkus distribution from the legacy WildFly distribution