install
source · Clone the upstream repo
git clone https://github.com/diegosouzapw/awesome-omni-skill
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/diegosouzapw/awesome-omni-skill "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/devops/keycloak" ~/.claude/skills/diegosouzapw-awesome-omni-skill-keycloak && rm -rf "$T"
manifest: skills/devops/keycloak/SKILL.md
source content
Keycloak
Keycloak is an open-source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code.
When to Use
- Self-Hosted IAM: You want Auth0 features but deployed on your own infrastructure (GDPR/Compliance).
- Enterprise Integration: Connecting to legacy LDAP/Active Directory user federations.
- Single Sign-On (SSO): One login for your internal wiki, chat, and cloud apps.
Quick Start (Docker)
docker run -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:latest start-dev
Core Concepts
Realm
A space where you manage objects (users, apps, roles). You usually create a dedicated realm for your app (e.g., my-app-realm) and leave master for admin tasks.
Clients
Applications (Web, Mobile, Service) that can request login.
Identity Brokering
Keycloak can act as a broker: User clicks "Login with GitHub" -> Keycloak talks to GitHub -> Keycloak issues its own token to your app.
Best Practices (2025)
Do:
- Use the Operator: On Kubernetes, use the Keycloak Operator for upgrades and scaling.
- Production Mode: start-dev is for local only. Use an external DB (Postgres) and proper HTTPS for production.
- Theme It: Don't use the default login page. Extend the theme to match your brand.
Don't:
- Don't Modify Core: Use the SPI (Service Provider Interface) to write plugins if you need custom logic.
- Don't expose Admin Console: Block /admin and /master access from the public internet.
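One way to check that the admin console rule above is actually enforced, as an added example that is not part of the original skill: scan the reverse proxy's access log for non-internal clients that reached the admin console or the master realm. Assumptions: the log is in common log format, the page's /admin and /master correspond to the /admin and /realms/master path prefixes, internal clients use RFC 1918 or loopback addresses, and the proxy answers blocked paths with 403 or 404. The log lines are constructed sample data.

```shell
#!/bin/sh
# Constructed sample: reverse-proxy access log in common log format.
# IPs are documentation/private ranges; my-app-realm is the page's example realm.
sample_log() {
cat <<'EOF'
203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /admin/master/console/ HTTP/1.1" 200 512
10.0.0.5 - - [01/Jan/2025:10:00:01 +0000] "GET /admin/master/console/ HTTP/1.1" 200 512
198.51.100.9 - - [01/Jan/2025:10:00:02 +0000] "POST /realms/master/protocol/openid-connect/token HTTP/1.1" 401 90
198.51.100.9 - - [01/Jan/2025:10:00:03 +0000] "GET /realms/my-app-realm/.well-known/openid-configuration HTTP/1.1" 200 4096
203.0.113.7 - - [01/Jan/2025:10:00:04 +0000] "GET /realms/master-data/account HTTP/1.1" 404 0
192.168.1.20 - - [01/Jan/2025:10:00:05 +0000] "GET /realms/master/account HTTP/1.1" 200 1024
203.0.113.7 - - [01/Jan/2025:10:00:06 +0000] "GET /admin?x=1 HTTP/1.1" 403 0
EOF
}

# Print "<verdict> <ip> <method> <path> <status>" for every request from a
# non-internal client to the admin console or the master realm.
flag_admin_hits() {
    awk '
    # Assumption: internal clients are RFC 1918 or loopback addresses.
    function internal(ip) {
        return ip ~ /^(10|127)\./ || ip ~ /^192\.168\./ ||
               ip ~ /^172\.(1[6-9]|2[0-9]|3[01])\./
    }
    # True when path is root itself or below it, so /realms/master-data
    # is not mistaken for /realms/master.
    function under(path, root) {
        return path == root || index(path, root "/") == 1
    }
    {
        ip = $1; method = $6; path = $7; status = $9
        sub(/^"/, "", method)
        sub(/[?#].*$/, "", path)      # match on the path, not the query string
        if (internal(ip)) next
        if (!under(path, "/admin") && !under(path, "/realms/master")) next
        # Assumption: the proxy answers blocked paths with 403 or 404.
        verdict = (status == 403 || status == 404) ? "denied" : "reachable"
        print verdict, ip, method, path, status
    }'
}

sample_log | flag_admin_hits
```

Any line marked reachable means the block rule is missing or incomplete for that path; denied lines show the rule working.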