1. Introduction

Welcome to the documentation about the Univention Keycloak app. The app installs Keycloak, an open source software product for single sign-on with identity and access management. Furthermore, the app adds authentication to applications and secure services.

This documentation is for system administrators who operate the Keycloak app from Univention App Center connected to the LDAP directory in Univention Corporate Server (UCS). It covers the following topics:

1. Installation

2. Update

3. Configuration

4. Database configuration

5. Architecture

6. Requirements and limitations

7. Use cases

8. Troubleshooting

This documentation doesn’t cover the following topics:

• Usage of Keycloak itself, see the Keycloak 25.0 Documentation [1].

• Usage of UCS, see UCS 5.0 Manual [2].

To understand this documentation, you need to know the following concepts and tasks:

• Use and navigate in a remote shell on Debian GNU/Linux derivative Linux distributions like UCS. For more information, see Shell and Basic Commands from The Debian Administrator’s Handbook, Hertzog and Mas [3].

• Manage an app through Univention App Center in UCS 5.0 Manual [2].

• Know the concepts of SAML (Security Assertion Markup Language) and OIDC (OpenID Connect) and the differences between the two standards.

Your feedback is welcome and highly appreciated. If you have comments, suggestions, or criticism, please send your feedback for document improvement.