Comments
-
@sariel While FreeIPA also does "central authentication", Keycloak and FreeIPA do not have the same purpose, and are certainly not alternatives.
-
@stop
I don't know what you would use if you really wanted to do single sign-on.
But that beast is written in Java and Java probably is the one language with the most mature refactoring support in IDEs. So if they aren't living the refactoring mindset even while doing Java...
The codebase has to be a dumpster fire of security issues - which isn't the most desirable property of software literally used for securing things.
P.S.:
https://bountyplease.com/attacking-...
-
stop68673y @Oktokolo I looked at the CVE list and found around 15 high and 3 critical bugs (43 CVEs in the NVD for this application as a whole).
I think for 6-year-old software it's not bad, especially since it's the base of a Red Hat product.
And the article is about attacking Keycloak if the admin makes some config errors. This is something that can happen with every software with this scope.