The security/keycloak port

keycloak-24.0.4 – Identity and Access Management solution


Keycloak is an open source Identity and Access Management solution
aimed at modern applications and services. It makes it easy to
secure applications and services with little to no code, providing
the following features:
- SAML, OAuth 2.0 and OpenID Connect
- Single Sign On
- Admin Console
- Account Management Console
- User Federation with LDAP and Active Directory
- Identity Brokering and Social Login
No homepage


Running keycloak on OpenBSD

Config files

The default config file for keycloak is stored at:


While the data files are stored at:


Working with a reverse proxy

Keycloak needs HTTPS and will not work without a TLS certificate. A reverse proxy
such as nginx, relayd or haproxy can be used to do TLS termination. In that
case, keycloak must be told to trust the reverse proxy by setting the
following options in the config file:


Working in a cluster

Keycloak supports a clustered, high-availability mode. This requires multicast
to be enabled; see multicast(4) for details.

Due to the limitations of Java on OpenBSD, it is recommended to only use the IPv4
stack for keycloak, both in normal and cluster modes.


Aisha Tammy

Only for arches

aarch64 amd64 i386


java security

Run dependencies