The Ins and Outs of Keycloak: An Interview with Alexander Schwartz

Hailey Mai
KBE blog post 023 - The Ins and Outs of Keycloak: An Interview with Alexander Schwartz

Alexander Schwartz is a Principal Software Engineer at Red Hat working on the Keycloak team. He has been working with Keycloak for over 8 years, starting as a community contributor in 2015 before being employed by Red Hat in January 2022. Alexander works fully remotely from his home office near Frankfurt, Germany.

Keycloak is an open source identity and access management solution aimed at modern applications and services. KBE Insider recently had the opportunity to talk with Alex about Keycloak during his visit to Amsterdam for KubeCon Europe.


The Future of Keycloak

Keycloak has targeted both cloud and non-cloud environments for many years. You can download Keycloak and run it on OpenJDK, deploy it on Kubernetes and OpenShift, or use it with various cloud services. Keycloak integrates with technologies like OpenID Connect and OAuth 2.0 to secure applications and APIs. Alex sees opportunities to further integrate Keycloak with cloud-native technologies, for example, by adding support for CloudEvents to send notifications when users log in. Alex also mentions that there is a desire to provide more deployment examples and documentation for securing Kubernetes clusters, serverless environments, and other cloud-native platforms with Keycloak.


Exciting Features Coming Soon

The next release, Keycloak 22, will be based on Quarkus 3 and Hibernate 6 to benefit from the improvements in these frameworks. The web UI for administrators was updated in a previous release, and the account console for users will now be updated to the latest set of technologies as well, with an improved user experience.

Support for cross-site Keycloak deployments, a highly requested feature, is currently a preview feature. The Keycloak team is working to make active-passive, and later active-active, setups fully supported in a future release.


The Need for Observability 

Observability and monitoring are passions for Alex. Keycloak already supports standard metrics out of the box. After adding the OpenTelemetry agent, Keycloak provides additional metrics and tracing, with details like the most used Keycloak URLs and traces of calls with detailed timings down to database queries. Improving metrics and observability to help users optimize their installations is an ongoing goal.

Alex wants to provide more predefined dashboards, alerts, and monitoring tools specific to Keycloak. Observability is key for well-running software systems, especially when operating at large scale. Knowing details about usage patterns and performance helps determine when and how to scale Keycloak, optimize configurations, and troubleshoot issues. 


Serving Two Types of Users 

Keycloak serves two main types of users. Some want an IAM solution without much customization, using Keycloak out of the box to secure applications and services. Others want to deeply customize Keycloak for their needs by developing custom authenticators, event listeners, user federation mappings, and more. Keycloak aims to support both use cases, providing an easy-to-use solution as well as extension points for custom integrations. An ecosystem of extensions and integrations has developed around Keycloak to meet the needs of more customized installations. Keycloak also has a vibrant community building tutorials, writing blog posts, and sharing best practices.


The Road Ahead 

Cross-site support will hopefully be released soon, along with the other features mentioned previously. The community around Keycloak continues to drive new feature requests and find innovative ways to deploy Keycloak, keeping the project active and vibrant. Keycloak is also broadly used within Red Hat to secure many public-facing services, providing valuable real-world usage and feedback. 

Overall, the future looks bright for Keycloak, with an active community and virtually endless ways to use an IAM solution. It was an insightful discussion about Keycloak. Improving in areas like zero downtime upgrades, cloud native integration, customization, and observability will help serve all Keycloak users, whether they want an out-of-the-box solution or require heavy customization. The project aims to continue balancing these needs and improving the technology overall. Many thanks to Alex for sharing his time and knowledge!

Full video at: KBE Insider Amsterdam

