Earlier this year, I was working with my colleague Ema on a source-assisted application and architecture assessment for a client who was using Keycloak to implement single sign-on on their applications. The purpose of the assessment was not to audit Keycloak itself. However, being it at the core of the authentication system, we took a look at it. Keycloak is described as a solution for “Open Source Identity and Access Management. Add authentication to applications and secure services with minimu...