Reference SSO

As of 2025-01-01, Keycloak is being used as the reference Single Sign On (SSO) server for access to millions of existing online applications e.g. through standard protocols like OpenID Connect, OAuth 2.0 and SAML 2.0.

• https://www.keycloak.org/

Minimum Version

Keycloak needs constant updates, there are no Long Term Support versions.

As of 2025-11-1, you should be on at least 26.4.1

• Releases · keycloak/keycloak · GitHub

Support

• Discussions
  https://keycloak.discourse.group/

• Themes
  Server Developer Guide

Authentication Web Proxy

Current Team Compute default is APISIX

• Apache APISIX

Alternatives

For web application that does NOT have built in OIDC or SAML, instead of using APISIX, other proxy can be put in front as an extra layer of protection.

• Oauth-Proxy
  GitHub - oauth2-proxy/oauth2-proxy: A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.

• Nginx
  ttps://www.reddit.com/r/selfhosted/comments/trf8h3/nginx_auth_request_and_keycloak/

Compatible Software

Non-Free Software

Some software charges for their Identity Server (Single Sign On) features: