Technical Blog
All these articles are available (in English) on our legacy website at the following address:
https://www.janua.fr/tag/technical-blog/
Protect Your Privacy: Secondary Email in Keycloak
by Mathieu PASSENAUD | May 29, 2026 | Community, Identity Management, Open Source
How to protect your privacy with a secondary email in Keycloak: when authenticating with external services via OAuth2/OpenID Connect, your primary email address is often shared by default in the token claims. But what if you don’t want to expose your main email to...
IAM & Regulatory Compliance
by janua | Apr 2, 2026 | Community, Identity Management, SSO
ReCyF / NIS2: IAM at the heart of cyber compliance: The ReCyF (French Cybersecurity Framework), published by ANSSI in March 2026, is the operational reference document for anticipating the French transposition of NIS2. Among its 20 security objectives, Objective 10 —...
IAM: The Hidden GDPR Vulnerability in Your Cloud Stack
by janua | Mar 19, 2026 | Identity Management, Open Source, Security, SSO
IAM: the hidden GDPR vulnerability in your cloud stack — And how Keycloak fixes it Continuing the Sovereignty Journey…. In a previous article, Digital Sovereignty: Why Your European Business Probably Breaks GDPR Law, the focus was on how U.S. cloud hyperscalers...
Self-locking sessions in Keycloak with PIN step-up authentication
by Loïc Mercier Des Rochettes | Mar 6, 2026 | Identity Management
How to get self-locking sessions in Keycloak with PIN step-up authentication: with our partner Please-Open It we share with you this article. Have you ever wished your Keycloak sessions could lock themselves after a few minutes of inactivity on sensitive features —...
Digital Sovereignty : why your european business probably breaks GDPR law
by Loïc Mercier Des Rochettes | Feb 13, 2026 | Cloud, Community, Identity Management
European laws and American laws are conflicting in a way that makes it practically illegal for European companies to use American services to store sensitive data. Europe seems to put the rights of the individuals as the core principle behind its laws whereas the United...
Keycloak OAuth2-Proxy Configuration Generator: Simplify Your Reverse Proxy Authentication Setup
by Mathieu PASSENAUD | Jan 26, 2026 | Identity Management
Keycloak OAuth2-Proxy Configuration Generator: with our main partner Please-Open.It we strongly advocate the use of authentication proxy pattern. As we mentioned in our authentication proxy article, this architectural approach is one of the most efficient ways to...
Authentication Proxy: Simplify Authentication in Any Application
by Mathieu PASSENAUD | Dec 24, 2025 | Community, Identity Management, Open Source, Security, SSO
How to simplify authentication in any application with an authentication proxy? With our main partner please-open.it, we implement authentication solutions for applications across various languages and frameworks. Over the years, we’ve encountered the same challenges...
How to make your custom workflow with Keycloak
by Mathieu PASSENAUD | Oct 13, 2025 | Identity Management, Open Source, SSO
With our partner please-open.it we implement everything necessary for our customers’ use cases. Many times we have to make custom workflows such as: “when a user registers, create it in Hubspot”. How to make your custom workflow with Keycloak? There is an interesting...
A custom http header to token claim mapper for Keycloak
by Mathieu PASSENAUD | Aug 6, 2025 | Identity Management, Open Source, Security, SSO
A custom http header to token claim mapper for Keycloak: Our main partner please-open-it implements everything necessary for our customers’ use cases. And one of our clients asked us: how to pass the locale when authenticating in “client_credentials”? Use case A...
A JWT decoder in the system tray for KeyCloak
by Mathieu PASSENAUD | Aug 6, 2025 | Community, Identity Management, SSO
A JWT decoder in the system tray, tips and tricks from our main partner Please-Open-IT to enhance your productivity setting up KeyCloak. With our customers, we decode JWT tokens dozens of times a day. We were tired of opening jwt.io each time so we built a simple...
Keycloak User Agent Filter Authenticator
by Loïc Mercier Des Rochettes | Jun 5, 2025 | Community, Identity Management, SSO
Keycloak User Agent Filter Authenticator: our main partner, Please Open It, created an authenticator that filters the user-agent header for Keycloak to exclude embedded webviews, ensuring compliance with specification requirements. The component reduces the attack...
Keycloak roles restriction and full scopes
by Mathieu PASSENAUD | Dec 10, 2024 | Identity Management, Open Source, SSO
Keycloak roles restriction and full scopes : for security concerns, you must restrict roles to a subset through the « Full Scope Allowed » Switch as by default a client has « roles » scope as « default » so that a user will have all affected clients roles in its...
LDAP bind proxy : how to log to KeyCloak with LDAP
by Loïc Mercier Des Rochettes | Oct 3, 2024 | Community, Identity Management, LDAP, Open Source, SSO
Get rid of your old Active directory/LDAP with keycloak and a small piece of custom software: just a POC for an LDAP bind proxy to log to KeyCloak with LDAP. TL;DR How to spawn a simple bind LDAP proxy for keycloak OIDC password grant in a nutshell. Disclaimer and...
How to enrich native metrics in KeyCloak
by Mathieu PASSENAUD | Aug 21, 2024 | Community, Open Source, SSO
This article will share how to enrich native metrics in Keycloak with Micrometer and add yours. Special thanks Thanks to all contributors who built one of the most used Keycloak plugins: https://github.com/aerogear/keycloak-metrics-spi TL/DR We developed a new metrics...
Keycloak Authenticator explained
by Mathieu PASSENAUD | Mar 7, 2024 | Identity Management, Open Source, SSO
In this article we will explain through an example what a Keycloak Authenticator is and how to use it. In Keycloak, an « authenticator » is a step in an authentication process, what we call « Authentication flow ». An impressive list of authenticators is available with...
Keycloak OIDC authentication with N8N workflow
by Mathieu PASSENAUD | Dec 1, 2023 | Community, Identity Management, Security, SSO
This article shares how we use Keycloak OIDC authentication with the N8N workflow used internally. Please Open It has its own instance of n8n for internal automations: billing, emails etc… Connecting applications to each other is simpler, especially on data management...
How we build our own Authorizations platform using KeyCloak
by Mathieu PASSENAUD | Nov 13, 2023 | Community, Identity Management, Security, SSO
After many years in consulting, how we build our own authorizations platform using KeyCloak. Authn VS Authz First of all, we have to define with a high precision where the authentication stops and where authorization starts. Sometimes you can see posts about : ABAC :...
Keycloak config checker
by Mathieu PASSENAUD | Oct 10, 2023 | Community, Identity Management, Security
As is, Keycloak has a default configuration which can introduce security flaws despite your manual testing, that's why our partner Please Open It developed this Keycloak Config Checker to help you enforce your security practices. Default configurations As is, Keycloak...
Keycloak as SSO for Airtable
by Mathieu PASSENAUD | Sep 19, 2023 | Community, Identity Management, SSO
This article describes how to use your Keycloak or RedHat SSO as SSO for Airtable. Only available for the « enterprise » plan, you can add your own SSO to your Airtable organization. SSO feature in Airtable Airtable has in their « enterprise » plan a support of SAML...
Keycloak: SSH connection with OAuth2
by Mathieu PASSENAUD | Feb 7, 2023 | Community, Identity Management, Security, SSO
You can use the SSH connection with OAuth2 authentication method to connect to Keycloak with SSH. This requires that you generate an SSH key pair and register it in your Keycloak account. You will then need to configure your SSH client to use the OAuth2 authentication...
Device code flow in keycloak
by Mathieu PASSENAUD | Feb 7, 2023 | Identity Management, Security
For some time now (release 13.0) Keycloak supports device code flow which can be very useful in some cases. The device code flow is an OAuth 2.0 authorization flow used by applications that cannot securely store a client secret, such as applications installed on...
Authentication Context Class Reference and Level Of Authentication with Keycloak
by Mathieu PASSENAUD | Nov 15, 2022 | Community, SSO
Keycloak now supports Authentication Context Class Reference parameter for different Level of Authentication. It means that you can define different levels of authentication in a single flow. oidc-bash Our partner please-open.it has open sourced a little tool called...
Client Initiated Backchannel Authentication and Keycloak
by Mathieu PASSENAUD | Nov 7, 2022 | Identity Management, Security, SSO
Client Initiated Backchannel Authentication (aka CIBA) and Keycloak how-to and tool. What is the goal ? People will think that method is close to device code authentication, a way to authenticate a user without a UI. Device code without a UI : no, device code needs a...
Postgres OAuth2 Authentication
by Loïc Mercier Des Rochettes | Sep 5, 2022 | Identity Management, Open Source, Security, SSO
In this article we will discuss Postgres OAuth2 Authentication and why we need OAuth2 on Postgres. Common SSO advantages SSO (in our case with Keycloak) represents many advantages: More than a unique password, a unique login (advantages over an ldap/pg...
Transient sessions in Keycloak
by Mathieu PASSENAUD | Mar 16, 2022 | Identity Management, Security, SSO
Transient sessions in Keycloak or how to save your cache performances! Keycloak generates a session on each user login and those sessions are replicated in Infinispan caches. Sometimes, you only need a token, not a session. In this article we will try to explain how to...
New Keycloak online training
by janua | Jan 19, 2022 | Open Source, Security, SSO
Due to the current COVID19 situation, we completely renewed our training material, with our partner, in order to give our customers the possibility of a remote KeyCloak fully digital online training. We created a VM classroom environment using Vagrant so that...
Keycloak.X and Kubernetes – How to deploy a cluster
by Mathieu PASSENAUD | Jan 5, 2022 | Community, Identity Management, SSO
Keycloak.X will become the reference soon. According to the Keycloak Blogpost, Keycloak 18 will not support Wildfly, after that no wildfly version… Now it is time to migrate! We are still waiting for a Kubernetes operator with Keycloak.X, in this post we will...
Keycloak and UMA 2.0 with bash
by Mathieu PASSENAUD | Aug 13, 2021 | Identity Management, Security, SSO
UMA 2.0 is known as a delegation of authorizations standard but could be sometimes tricky and unclear. Keycloak is fully compatible with UMA 2.0. With a tool developed by our partner please-open.it, let’s see how to use Keycloak and UMA 2.0 with bash. This...
Sizing Keycloak or Redhat SSO projects
by janua | Jun 8, 2021 | Identity Management, Security, SSO
We receive numerous inquiries about sizing Keycloak or Redhat SSO projects and installation. Nicolas Massé, solution architect from Redhat did a great job and wrote a useful article to answer this recurrent question :...
Keycloak.X Distribution
by janua | Jan 28, 2021 | Cloud, Community, SSO
December 16 2020 Keycloak Team Introduce Keycloak.X Distribution. The world is changing fast and IT has been an important part of the engine. As companies start moving their infrastructure to the cloud, security becomes a key factor to make this journey a success....
Action Token in Keycloak
by Loïc Mercier Des Rochettes | Jan 28, 2021 | Identity Management, SSO
Action Token in Keycloak could be very useful but tricky to implement. You may find below an article from our partner Please Open It about its implementation and use cases. What is an action token? Action tokens are a particular type of token meant to allow...
LDAP integration with Keycloak
by Mathieu PASSENAUD | Oct 5, 2020 | Identity Management, LDAP, SSO
LDAP integration with Keycloak seems to be confusing for a lot of us, and we face a lot of questions about it, which is why we try to make it clearer in this article. Active Directory or LDAP? LDAP (Lightweight Directory Access Protocol) is a...
New KeyCloak Fully Digital Online Training
by janua | Jul 28, 2020 | Training, SSO
Due to the current COVID19 situation, we completely renewed our training material, with our partner, in order to give our customers the possibility of a remote KeyCloak fully digital online training. We created a VM classroom environment using Vagrant so that everybody...