We used keycloak for openid identity provider as well. It is fine to setup keycloak once. But it is painful share the setup with other engineers.

For local development, we end up using dex (https://dexidp.io). When we need support group/role, we use dex and glauth(https://glauth.github.io). Both dex and glauth can be configured with yaml files. We just created a few yaml files and a docker compose file, every engineer can be brought up the whole environment in a few seconds.

Also https://www.authelia.com and https://github.com/goauthentik/authentik look pretty promising, if you need more advanced features from them.

It's actually very easy to share a realm configuration.

In my team, we docker-compose-up KC and the realm gets configured at boot time, by passing the path to a previously exported configuration, which we store in got.

The configuration holds realm data and users.

> But it is painful share the setup with other engineers.

We used keycloak-config-cli [1] it compares a config file stripped of IDs to your Keycloak installation and makes the relevant updates through the REST API.

[1] https://github.com/adorsys/keycloak-config-cli

Glauth looks pretty cool, thanks for sharing! Amazing to me that LDAP was invented in 1993 and is still relevant today.

LDAP (the odd CN=x, OU=y, ... recipient/originator addressing format) is based on even older (1980's) ITU-T OSI X.400/X.500 ...

Everything made since is simultaneously more complicated and less useful, and LDAP just does one thing well, so it's here to stay

Wishlife | South San Francisco, CA | Frontend Engineer / Fullstack | REMOTE, VISA

Wishlife is a well funded startup in South San Francisco, CA. We are building a family video communication platform for financial companies.

We are looking for Frontend/Fullstack developer to join our team.

Stack: React/React Native, Clojure, GraphQL, ffmpeg, Apache Pulsar, Kubernetes and AWS.

Email me at: Lei [at] wishlife.com