Keycloak IAM & SSO Masterclass

Keycloak IAM & SSO Masterclass (online) - Niko Köbler - German - date confirmed

This training gives you a complete overview of all Keycloak topics - practical and tailored to your needs. The choice is yours:

• Three-day masterclass for a comprehensive overall package

• 1-day “Keycloak Deployment & Operations” workshop for a targeted introduction to operation and deployment

• 2-day training course “Keycloak IAM & SSO Fundamentals”, which focuses on the basics of identity management and single sign-on

👉 You can select the option that fits you best in the shop.

You don’t just want to get Keycloak up and running—you want to do it right. From deployment and high availability to OAuth 2 / OIDC fundamentals, authentication flows, multi-tenancy, and user federation: In this Keycloak training course, you’ll learn everything you need to know for professional, secure Keycloak operations.

The Three Training Days at a Glance

We’ll start by setting up a Keycloak server from scratch—containerized with Docker, but with configuration options that you can adapt to any infrastructure (Kubernetes, Podman, or a traditional deployment on the file system).

Since an authentication system must never fail, we’ll set up a high-availability cluster with a load balancer right away. We manage realm configurations as config-as-code using the Keycloak Terraform provider and the Admin CLI, so that changes are traceable, versionable, and repeatable. Finally, we set up monitoring with system and event metrics and run initial performance tests.

Day 2 – Understanding OAuth 2, OIDC, and Keycloak Configuration

Theory Meets Practice: We’ll develop a shared understanding of the OAuth 2.0 and OIDC specifications—including current best practices and deprecated features—and immediately apply it to a live Keycloak server. We’ll cover tokens, claims, client scopes, and realm and client configurations in detail.

Day 3 – User Management, Tenants, and Authentication Flows

Der mächtigste Part: Wir richten Organisationen als Mandantenkonzept ein, ordnen Benutzer zu und laden sie gezielt ein. User Profile mit verwalteten Attributen, Berechtigungen und Validatoren geben dir die volle Kontrolle über deine Benutzerdaten. Danach verbinden wir LDAP als User Federation und konfigurieren externe Identity Provider (Entra ID, Social Login, Bund.ID u. a.) für Identity Brokering. Den Abschluss bildet das Design komplexer Authentifizierungsflows, Nutzung von Passkeys und die Konfiguration von Required Actions.

Agenda

Day 1 - Deployment, Operations, Observability, etc.

Server Setup & Configuration

• Keycloak server configuration and deployment (including database)
• Versions & Upgrades
• Backup & Recovery

Clustering and Distributed Caching

• Configuring the Keycloak server for cluster operation
• Customizing / tuning the (distributed) cache configuration

Realm Configuration, Config-as-Code & Import/Export

• Config-as-Code with the Keycloak Terraform provider

• Using the Keycloak Admin-CLI

• Realm Export & Import
• Importing Preconfigured Realms

Performance & Metrics

• Load/Performance Tests
• System Metrics
• Event Metrics

Day 2 - Fundamentals, Realms & Clients, etc.

Fundamentals & Specifications

• Single Sign-On Fundamentals (SSO)
• Basic knowledge of the OAuth2, OpenID Connect (OIDC), and JSON Web Token (JWT) specifications

Realms & Clients

• Principles and configuration of Keycloak realms
• Getting started with tokens, claims, and client scopes
• Client configurations (confidential/public) in Keycloak, using a distributed application as an example
• Customizing the appearance of Keycloak forms and user interfaces

Day 3 - User Management, Tenants, Authentication Flows & Required Actions

User Management and Sources

• Organizations, users, groups, and roles in Keycloak
• Creating organizations for multi-tenant capability
• Assigning and inviting users to organizations
• User profiles with managed attributes, permissions, required fields, and validators
• Clarification of the differences between user federation, user storage, and external identity providers
• Configuring an LDAP server as a user federation
• Using custom user data sources
• Configuring an external identity provider (identity brokering)
• Interaction between organizations and external identity providers

Authentication Flows and Required Actions

• Design and configuration of various authentication flows
• Extending authentication options using custom extensions
• Using required actions
• Configuring additional authentication policies

Your Trainers

Niko Köbler

Niko Köbler IT-Beratung

Keycloak, IAM

• Keycloak Extensions
• Keycloak IAM & SSO Masterclass
• Keycloak Quickstart

Niko Köbler is a freelancer and has been working as a Keycloak and IAM expert for customers from various industries across Europe for over ten years. He has been running a successful Keycloak channel on YouTube since the beginning of 2021 and supports the community in various forums. He is also a well-known and sought-after speaker at IT conferences, co-lead of a Java user group and writes articles for various specialist journals. https://www.n-k.de