
22 posts tagged with "open_source"


Understanding Multi-Tenancy Options in Keycloak

· 5 min read
Phase Two
Hosted Keycloak and Keycloak Support

As more companies build SaaS platforms, the need to serve multiple customer groups—or tenants—from a single system becomes critical. In the identity world, this means implementing multi-tenancy within your identity provider.

In this post, we’ll walk through:

  • What multi-tenancy means in Keycloak
  • The drawbacks of using multiple realms for tenants
  • Why organizations are a better, more scalable approach
  • How the Phase Two Organizations extension supports advanced use cases like theming, shared IdPs, and user membership
  • How our implementation differs from (and improves on) the new native Keycloak organizations feature

We've written extensively about how to model multi-tenancy with organizations and how Phase Two's Organizations extension differs from the native implementation being undertaken by the Keycloak team.

All of Phase Two's hosted environments come standard with all of our popular extensions to make it easy to hit the ground running and cover 95% of all IAM use-cases.

Web Application Security with Your Keycloak Deployment

· 5 min read
Phase Two
Hosted Keycloak and Keycloak Support

As more companies adopt Keycloak for enterprise identity and access management, security is no longer just a back-end concern. One of the most frequent questions we hear at Phase Two is:

"Should I put a Web Application Firewall (WAF) in front of Keycloak?"

The short answer? It depends—but it's a smart question to ask.

In this post, we'll break down what Keycloak provides out of the box, explore common attack vectors (especially around authentication endpoints), and help you evaluate whether you need to add an external firewall or WAF to your deployment.

WebAuthn and Passkeys with Keycloak

· 5 min read
Phase Two
Hosted Keycloak and Keycloak Support

Passwords are on their way out. From phishing to password reuse, they've become one of the weakest links in modern authentication. The solution? Passkeys—a phishing-resistant, user-friendly, and increasingly supported replacement for traditional passwords.

In this post, we’ll break down what passkeys are, how they work, which platforms support them, how they relate to WebAuthn, and how you can integrate them into your Keycloak authentication flows. Finally, we’ll explore some of the real-world considerations and challenges.

SAML, Simplified.

· 7 min read
Phase Two
Hosted Keycloak and Keycloak Support

SAML has a bit of a reputation. For many developers, it lives in that shadowy corner of the B2B internet where XML still rules and stack traces seem to go on forever. If you've ever had the misfortune of debugging a malformed <Assertion>, you know the pain. But here's the thing: it doesn't have to be a nightmare.

At Phase Two, we provide managed hosting and enterprise support for Keycloak, a leading open-source Identity and Access Management platform. And while OIDC has become the default for most modern applications, SAML is still alive and well—especially in enterprise environments.

This post is a gentle (and opinionated) introduction to what SAML is, how it works, and why it still matters, particularly if you're implementing SAML SSO in Keycloak.

Keycloak SAML Identity Provider (IdP) Initiated Flow with Okta

· 10 min read
Phase Two
Hosted Keycloak and Keycloak Support

IdP Initiated Flow

When implementing SAML for the establishment of an Identity Provider, two primary options are available:

  1. Service Provider (SP) initiated
  2. Identity Provider (IdP) initiated

The SP-initiated flow is widely recognized by users due to its straightforward configuration, which is merely the exchange of some metadata. In contrast, the IdP-initiated flow is less intuitive and involves an additional step that may not be readily apparent to many users. The purpose of this blog is to elucidate the steps necessary to successfully execute the IdP-initiated flow. We will set up a full example

A fundamental understanding of SAML 2.0 and Keycloak is required to effectively follow the provided instructions.

Securing Keycloak with OIDC SPA and Phase Two

· 6 min read
Phase Two
Hosted Keycloak and Keycloak Support

Our pal over at Keycloakify has been working on creating a simple OpenID Connect (OIDC) library called OIDC SPA. As with Joseph's usual approach to user friendliness, OIDC SPA simplifies a lot of the integration work that can come with adding an Authentication and Authorization layer to your application. Follow along as we show you how to integrate OIDC SPA with Phase Two's free Keycloak instance.

Phase Two and Keycloakify, Making Keycloak Better Together

· 2 min read
Phase Two
Hosted Keycloak and Keycloak Support

Phase Two has long been a big fan of Keycloakify. The work being done by Joseph Garrone is, in our opinion, some of the best user-focused work in the Keycloak community. Keycloakify brings the ability to theme the Keycloak frontend applications (Login, Account, and Admin (coming)) using modern toolsets like React or Angular and theming systems like Tailwind or Material-UI. Keycloakify allows you to build quickly and deploy themes to your Keycloak installation in a manner that the existing Keycloak toolset (ftl templates) does not.

Keycloak vs. Frontegg, an Open-Source Alternative

· 6 min read
Phase Two
Hosted Keycloak and Keycloak Support

Keycloak and Frontegg are two prominent solutions in the identity and access management (IAM) space, each serving distinct needs. Keycloak is an open-source IAM solution with over eight years of development, known for its scalability and deep customization options, allowing organizations full control over user identity management. On the other hand, Frontegg is a cloud-native platform designed for quick deployment and integration, specifically tailored for SaaS applications, offering a user-friendly management experience. In this blog post, we will compare Keycloak and Frontegg based on cost structure, deployment options, customization, scalability, functionality, and support.

Keycloak vs. PingIdentity, an Open-Source Alternative

· 5 min read
Phase Two
Hosted Keycloak and Keycloak Support

Exploring Keycloak as an alternative to PingIdentity for Authentication Solutions

In the evolving landscape of identity and access management (IAM), organizations face critical decisions regarding the tools that will best meet their needs. Keycloak and Ping Identity are two noteworthy solutions, each exhibiting unique features that cater to different organizational requirements. This blog provides a detailed comparison of open-source Keycloak and the commercial offering of Ping Identity across essential aspects of IAM solutions.

Keycloak vs. OneLogin, an Open-Source Alternative

· 5 min read
Phase Two
Hosted Keycloak and Keycloak Support

Exploring Keycloak as an alternative to OneLogin for Authentication Solutions

Keycloak and OneLogin (by One Identity) are both important players in the identity and access management (IAM) space, each catering to different organizational needs. Keycloak is an open-source solution with over eight years of active development, known for its scalability and customization. OneLogin, on the other hand, is a commercial product emphasizing user-friendly interfaces and extensive integration options. This article compares Keycloak and OneLogin based on cost, deployment, customization, scalability, functionality, integration, and support.