• Configure Keycloak remote JWKS support

  The JSON Web Key Set (JWKS) is a set of keys containing the public keys used to verify any JSON Web Token (JWT) issued by the authorization server and signed using the RS256 signing algorithm. When building applications and APIs in Cloud-IAM's keycloak deployments, four algorithms are supported for signing JWTs: RS256, RS384, RS512 and HS256. RS256 generates an asymmetric signature, which means that a private key must be used to sign the JWT and a different public key must be used to verify thePopular

• API Authentication

  Cloud-IAM API is the best way to automate everything. From deployments lifecycle management to keycloak extension uploads!Popular

• Keycloak /metrics endpoint

  Cloud-IAM REST API /deployments/ deploymentid /metrics endpoint yield functional metrics about your Keycloak in OpenMetrics format textual representation that came from Prometheus textual representation. It yields counters regarding various parts of your Keycloak deployment.Popular

• Terraform providers

  Cloud-IAM Keycloak deployments are compatible with Keycloak terraform providers because deployed Keycloaks expose the full Keycloak REST admin API. However currently Cloud-IAM does not provide a terraform provider to create or delete deployments. Please contact our support if you are interested.Some readers

• Do Cloud-IAM deployments expose the full Keycloak REST API?

  Yes, full Keycloak REST API is available on most of Cloud-IAM subscription plans. To ensure reliability, Cloud-IAM protects Keycloak REST API with rate limits and quotas.Few readers

• Pulumi Keycloak provider

  Cloud-IAM Keycloak deployments are compatible with Keycloak pulumi provider because deployed Keycloaks expose the full Keycloak REST admin API. However currently Cloud-IAM does not provide a Pulumi provider to create or delete deployments. Please contact our support if you are interested. Troubleshooting Sometimes when adding a neFew readers

• Redirection to a specific Keycloak realm

  When browsing a Cloud-IAM Keycloak's deployment (e.g. https://DEPLOYEMENTNAME.cloud-iam.com/ ) at the root path / the user is redirected to the admin console of the master realm by default. Cloud-IAM customer's might have on of their requirement: Customize the default / redirect behavior Redirect the user to a specific realm's depending on some requirements Setup a static page instead of redirecting the user to the master realm's admin console These kind of features are out ofFew readers

• What plans have script mappers activated?

  The script mapper is depending on the javascript upload profile of Keycloak, which is not activated on Cloud-IAM shared instances (Little Lemur) for security reasons. This feature can be activated on demand on any dedicated plan, starting with Roaring Rabbit whatever the region or the cloud provider targeted.Few readers

• Metrics are missing for a realm

  When creating a new realm in a Keycloak deployment, metrics for this realm are not directly available in Cloud-IAM /metrics REST API endpoint and Cloud-IAM dashboard. In order to let Cloud-IAM know that it musts observe this realm, connect to deployment's Keycloak console, select the realm that must be monitored then go to events then config tab, add metrics-listener in the event listeners section and then don't forget to Save changes. Seconds later, the realm metrics will be availableFew readers

• Keycloak TLS configuration

  For security reasons, most the documented Keycloak TLS configuration you may set through environment variables won't have any real impact on your Cloud-IAM deployment. Cloud-IAM load balancers enforce security standards in order to keep you safe. If you need specific customisations, our support team will always be able to answer you.Few readers

• SSL / TLS protocols supported

  Cloud-IAM only supports TLS protocol v1.2 and v1.3. We don't accept any version of SSL protocol anymore due to previous vulnerabilities.Few readers