Keycloak (IAM/SSO) Training — Raffael Hühnerschulte

What We Cover

Open-source SSO and identity management

Day 1

Realm Configuration & Protocol Flows

Keycloak concepts: realms, clients, users, groups, roles, scopes
Client types: public (SPA, mobile) vs confidential (backend services)
OAuth2 flows: Authorization Code with PKCE, Client Credentials, Device Authorization
OpenID Connect: ID token, access token, refresh token — structure and claims
SAML 2.0 basics: SP-initiated, IdP-initiated, assertion format
User federation: LDAP and Active Directory integration
Identity providers: social login (Google, GitHub), enterprise IdP federation
Mappers: user attribute mappers, role mappers, protocol mappers
Authentication flows: custom flows, OTP, WebAuthn
Session management: SSO session timeout, offline sessions
Client scopes: grouping claims, optional vs default scopes

Day 2

Spring Boot Integration & Production

Spring Boot + Keycloak: spring-boot-starter-oauth2-resource-server configuration
JWT validation: public key discovery via JWKS endpoint
Keycloak Admin REST API: user management, realm configuration via API
Fine-grained authorization: Keycloak Authorization Services, policies, permissions
Keycloak in Kubernetes: Keycloak Operator, HA configuration with Infinispan
Importing/exporting realms: CI/CD for realm configuration
Themes: customizing login, account, and email templates
Event listeners: audit logging, custom event handling
Token exchange and impersonation
Upgrade paths: migrating from older Keycloak to Quarkus-based Keycloak 20+

Learning Outcomes

What your team walks away with

Teams who can configure Keycloak as a production identity provider — realm configuration, Spring Boot integration, user federation, and high-availability deployment.

Configure OAuth2/OIDC clients with correct flows for SPAs, mobile apps, and backend services
Integrate Keycloak with Spring Boot for JWT-based authentication and authorization
Set up user federation with Active Directory or LDAP
Deploy Keycloak in Kubernetes with high availability and realm configuration in CI/CD

Book the Keycloak training

Available as a 1-day configuration and integration focus or a 2-day course including production deployment and authorization services.

Get in touch