Blog / Articles

migrating-cloud-foundry-uaa-to-keycloak-review

Guilliano Molaire June 10, 2026 2 min read

Editorial Review: Migrating From Cloud Foundry UAA to Keycloak: The Complete Playbook

Date: 2026-06-09
Author: Guilliano Molaire (gmolaire)
Word Count: ~2,070
Reading Time: ~9 min

Scores

Dimension	Score	Notes
Keycloak Specificity	9/10	Real mapper types, kcadm paths, version-accurate (26.6.3, Argon2 since 24, SCIM preview in 26.6)
Content Quality	8/10	Dense, no padding; only 2 code blocks (target 3+)
E-E-A-T Signals	8/10	Broadcom/Keycloak primary sources; experience framed honestly, no fabricated case studies
SEO Optimization	7/10	Title 68 chars (over 60); `migrations` category does not exist in WP
AI Citation Readiness	9/10	Answer-first H2s, 4 FAQ items at 40-60 words, quotable mapping table
Technical Accuracy	8/10	One real flaw: sample token mixes user claims with `authorities` (client-token claim)
Writing Quality	9/10	Voice on-brand, contractions, varied sentence length, zero em-dashes
Overall	8.3/10

Fabrication Check

PASS. All claims sourced (Broadcom release notes, Broadcom KB, keycloak.org releases, endoflife-adjacent version facts). No invented statistics, quotes, or case studies. Experience claims are qualitative and truthful (“the playbook we walk customers through”).

Must Fix (High Priority)

Token example accuracy. The sample UAA token shows user_name AND authorities together. In UAA, user access tokens carry scope; authorities appears on client_credentials tokens. An ex-UAA operator will catch this. Fix: add one clarifying sentence after the JSON.
Category migrations does not exist in WordPress. Existing categories: tutorials, security, definition-and-basics, iot (+ keycloak-operations in use). This is a step-by-step playbook: use tutorials.
Title is 68 characters. Trim to under 60 so it does not truncate in SERPs.

Should Fix (Medium Priority)

Only 2 code blocks; add a third (kcadm protocol-mapper creation) in the claims section where it does real work.
Add /features/identity-providers/ link where origin keys map to IdP aliases (currently zero feature-page links).

Nice to Have (Low Priority)

Featured image via blog-image skill (optional per house policy).
A future companion asset: the UAA-to-Keycloak mapping table as a downloadable cheat sheet (already noted in the briefs file as a lead-magnet candidate).

Internal Linking Opportunities

Present: /hosting/, /keycloak/, /tools/jwt-token-analyzer/ (x2), /pricing/, /contact/. Add: /features/identity-providers/. Once B2 (SiteMinder) publishes, cross-link both ways.

AI Citation Opportunities

Strong already. The concept-mapping table and the FAQ answer “Can Keycloak fully replace Cloud Foundry UAA?” are extraction-ready. No changes required.

Strengths

The Broadcom proprietary-UAA-swap + platform-rename framing is original, current (10.2/10.3, 2026), and sourced to primary docs. No competitor post has this angle.
Password section gives a ranked decision, not a feature list, and correctly identifies the federated-users escape hatch.
Dual-run section reads like operations experience, not theory.

Verdict

Needs minor revision (3 must-fix items, all small). Ready to publish once applied.

Written by Guilliano Molaire Founder

Guilliano is the founder of Skycloak and a cloud infrastructure specialist with deep expertise in product development and scaling SaaS products. He discovered Keycloak while consulting on enterprise IAM and built Skycloak to make managed Keycloak accessible to teams of every size.

View all posts

Ready to simplify your authentication?

Deploy production-ready Keycloak in minutes. Unlimited users, flat pricing, no SSO tax.

Start Free Trial Talk to Sales