KeycloakCon Japan 2025

In this session, we will explain how we standardized and streamlined authentication flows to address the growing workload faced by engineers due to the rapid increase in authentication services.

To tackle the challenging task of building individual authentication flows for over 100 services, we adopted an implementation approach that defines authorization levels using role information and leverages attribute data stored in Keycloak.

By accurately linking user information with imported role data and standardizing authentication flows, we enabled faster updates to authorization systems. Additionally, we implemented centralized policy management for each client using OPA (Open Policy Agent) and policy language, significantly improving maintenance efficiency.

This session will provide practical and scalable design strategies and implementation methods for building robust systems that address au

We have launched a new service which monitors customers' systems.
It uses Keycloak to authenticate for customers and developers to use our service components, for instance, Grafana, ArgoCD, Backstage, Redmine, and so on.

So, Keycloak has personal information, and we have to manage it securely.
We're using Terraform to configure Keycloak, not for making mistakes due to creating by hand. And we don't want to encounter errors when running Terraform code from the developer's PC.
So we're running it from the CD agent. We use Cloud Build, a Google Cloud product, because it provides a private pool that allows us to use a specific IP address.

We'll introduce how to build this CD system and how to use Terraform in my session.

OpenID Federation 1.0 provides a framework to build trust between a Relying Party and an OpenID Provider that have no direct relationship so that the Relying Party can send OIDC/OAuth requests to the OpenID Provider without being previously registered.

One primary use case is the trust between an Issuer and a Holder (Wallet) on W3C’s Verifiable Credential Data Model, which is getting a lot of attentions as an approach to realize the Digital Identity Wallet ecosystem.
Especially when high assurance level is needed like EU Digital Identity Wallet, OpenID Federation can provide a strong solution.

In this session:
Firstly I will explain OpenID Federation and the reason why it is important for Digital Identity Wallet ecosystem.
Then I will explain what types of roles Keycloak can play with OpenID Federation Trust Chain.
Also I will show a simple demo of client registration with OpenID Federation Trust Chain on Keycloak.