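Keycloak is an integrated SSO solution for browser applications and RESTful web services. It is built on the OAuth 2.0 and JSON Web Token (JWT) specifications. It initially targeted JBoss and WildFly, with plans to provide solutions for other environments such as Tomcat, Jetty, Node.js, Rails, and Grails.
Main features: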
SSO and Single Log Out for browser applications
Social Broker. Enable Google, Facebook, Yahoo, Twitter social login with no code required.
Optional User Registration
Password and TOTP support (via Google Authenticator). Client cert auth coming soon.
Customizable themes for user-facing pages
OAuth Bearer token auth for REST Services
Integrated Browser App to REST Service token propagation
OAuth 2.0 Grant requests
CORS Support
CORS Web Origin management and validation
Completely centrally managed user and role mapping metadata. Minimal configuration at the application side
Admin Console for managing users, roles, role mappings, applications, user sessions, allowed CORS web origins, and OAuth clients.
Deployable as a WAR, appliance, or an OpenShift cloud service (SaaS).
Supports JBoss AS7, EAP 6.x, and WildFly applications. Plans to support Node.js, Rails, Grails, and other non-Java applications.
JavaScript/HTML5 adapter for pure JavaScript apps
Session management from admin console
Revocation policies
Password policies
OpenID Connect Support