KeycloakCon Japan 2025

Keycloakify is an open-source tool that simplifies theming in Keycloak by enabling the use of modern frameworks like React, Angular, and Svelte.

It supports customization of login, account, admin, and email interfaces, with real-time previews and standard frontend tooling.

In this session, we’ll walk through how it works, how it’s used in production environments, and how it compares to Keycloak’s built-in theming system.

In this session, we will explain how we standardized and streamlined authentication flows to address the growing workload faced by engineers due to the rapid increase in authentication services.

To tackle the challenging task of building individual authentication flows for over 100 services, we adopted an implementation approach that defines authorization levels using role information and leverages attribute data stored in Keycloak.

By accurately linking user information with imported role data and standardizing authentication flows, we enabled faster updates to authorization systems. Additionally, we implemented centralized policy management for each client using OPA (Open Policy Agent) and policy language, significantly improving maintenance efficiency.

This session will provide practical and scalable design strategies and implementation methods for building robust systems that address au

We have launched a new service which monitors customers' systems.
It uses Keycloak to authenticate for customers and developers to use our service components, for instance, Grafana, ArgoCD, Backstage, Redmine, and so on.

So, Keycloak has personal information, and we have to manage it securely.
We're using Terraform to configure Keycloak, not for making mistakes due to creating by hand. And we don't want to encounter errors when running Terraform code from the developer's PC.
So we're running it from the CD agent. We use Cloud Build, a Google Cloud product, because it provides a private pool that allows us to use a specific IP address.

We'll introduce how to build this CD system and how to use Terraform in my session.

Securing a single application with Keycloak and OIDC/OAuth 2.0 is straightforward, but what about complex microservice architectures, especially those incorporating AI capabilities? This session explores advanced patterns and best practices for leveraging Keycloak within distributed systems built with a specific focus on securing AI applications. We'll go beyond basic authentication and RBAC to implement fine-grained authorization for accessing and utilizing AI models using Keycloak Authorization Services. Topics include efficient token propagation between services (including those hosting AI models), securing service-to-service communication, handling multi-tenancy considerations for AI services, and integrating custom Keycloak policies to control access to sensitive AI functionalities and data. Learn how to build scalable, maintainable, and highly secure microservice ecosystems, including those leveraging AI, powered by Quarkus, Langchain4j, and Keycloak.