Recent Blog Posts
KEYCLOAK Declarative User Profile
In past Keycloak versions, working with custom user attributes was sometimes cumbersome and difficult. Mostly, you could only choose whether a field appeared during registration or not, and the default account console didn’t show custom fields at all. This has changed with the declarative user profile, which was introduced with Keycloak 24.x (before that, it was already available as a preview feature with limited functionality).
Read more »
KEYCLOAK Transient Users
When working with external Identity Providers in Keycloak (no matter if social or not), Keycloak by default stores the authenticated user locally in its database. This might become problematic in terms of data minimization and data privacy control in the context of GDPR or similar data protection laws. Removing stale users automatically from Keycloak is not possible out of the box and can become cumbersome.
Read more »
KEYCLOAK Organizations and Multi-Tenancy in one Realm
With the new Organizations feature in Keycloak, it’s now possible to manage organizations within a single Keycloak realm. Organizations can be, for example, B2B structures, B2B2C approaches, or simple multi-tenancy, however you need it. You can assign users to one or multiple organizations, and you can also assign organization-specific Identity Providers so that users are automatically forwarded to their IdPs for authentication.
Read more »
Keycloak DevDay 2025 Announcement and Call-for-Papers
I’m excited to announce the next edition of KEYCLOAK DevDay 2024!
Read more »
KEYCLOAK - Setting a fixed issuer value
Keycloak derives the issuer value, used in the openid-configuration document and in generated tokens, from the hostname settings of the server. This is not wrong and a valid decision made by the team some time ago. While one is not forced to do so, it’s totally ok to use the hostname as a valid issuer value.
All Blog Posts / Archive
Read all of my blog posts, and find them either by tag or chronologically: