Category

security

Articles about security from the Skycloak team.

security

Secure User Impersonation in Keycloak for Support Teams

Let support staff log in as a user in Keycloak without giving them admin: scope the impersonation role, audit every…

Guilliano Molaire Guilliano Molaire 10 min read
security

Keycloak and GDPR: Deleting, Anonymizing, and Purging User Data

A practical GDPR guide for Keycloak: what PII it stores, how to erase or anonymize a user, bulk-purge inactive accounts…

Guilliano Molaire Guilliano Molaire 13 min read
security

Keycloak Brute-Force Protection’s Blind Spot: IP Limits and Lockout DoS

Keycloak brute-force detection is per-account, not per-IP, leaving a password-spray gap and a lockout-DoS risk. How it works, the limits,…

Guilliano Molaire Guilliano Molaire 10 min read
security

Keycloak Refresh Token Rotation: Setup and Best Practices

How to configure refresh token rotation in Keycloak: revoke-on-use, reuse detection, token lifetimes, SPA vs confidential clients, and security best…

Guilliano Molaire Guilliano Molaire 11 min read
security

Keycloak UMA 2.0: User-Managed Resource Sharing

A practical guide to User-Managed Access (UMA 2.0) in Keycloak: the permission ticket flow, RPT tokens, resource sharing, and when…

Guilliano Molaire Guilliano Molaire 11 min read
security

Keycloak Authorization Services: Policy Types Explained

Keycloak Authorization Services explained: resources, scopes, permissions, and every policy type (role, group, time, regex, JS, aggregate) and when to…

Guilliano Molaire Guilliano Molaire 11 min read
security

The Keycloak Security Hardening Checklist

A practical Keycloak security hardening checklist: TLS, proxy and hostname config, brute-force defense, token and session settings, admin access, and…

Guilliano Molaire Guilliano Molaire 10 min read
security

Keycloak Auditing & Event Logging: The Complete Guide

A complete guide to Keycloak auditing: login and admin events, event listeners, retention, SIEM forwarding, alerting, and security best practices.

Guilliano Molaire Guilliano Molaire 16 min read
security

Keycloak CAEP & Shared Signals: Continuous Access Evaluation

What CAEP and the Shared Signals Framework are, where Keycloak's experimental SSF support stands (targeting v26.7.0), and how to approximate…

Guilliano Molaire Guilliano Molaire 9 min read
Log selection
security

Integrating Skycloak Security Logs Using Syslog

Learn how to forward Skycloak security logs to external SIEM platforms via syslog for centralized monitoring, alerting, and compliance.

Guilliano Molaire Guilliano Molaire 8 min read

Stay ahead on identity & security

Get tutorials, product updates, and Keycloak tips delivered to your inbox.

© 2026 Skycloak. All Rights Reserved. Design by Yasser Soliman