keycloak-iam
Install: claude install-skill air-gapped/skills
# Keycloak IAM — operator's reference skill
This skill covers running, configuring, deploying, and integrating with **Keycloak**, the open-source identity & access management server. It targets the modern **Quarkus-based** distribution (24.x → 26.6.x as of May 2026; the legacy WildFly distribution was removed years ago). Information is current as of **Keycloak 26.6.1** (released April 2026).
The Red Hat build of Keycloak (RHBK) is downstream of upstream Keycloak with longer support windows and the same surface area; advice here applies to both unless explicitly noted.
## How to use this skill
Keycloak is a large product. Don't try to load everything — route to one or two reference files based on what the user is asking, then go deep.
```
references/
├── server-config.md      → CLI/env vars, kc.sh, kcadm.sh, hostname, db, cache,
│                           TLS/proxy, logging, features, bootstrap-admin, KCRAW_
├── k8s-deployment.md     → Operator install, Keycloak CR, KeycloakRealmImport,
│                           raw manifests, HA topology, probes, autoscaling
├── security-hardening.md → Realm policies, brute force, FGAP v2, client policies
│                           (FAPI/OAuth 2.1), DPoP, redirect URI safety, recent CVEs
├── integration.md        → OIDC/SAML flows, IdP brokering, LDAP/AD federation,
│                           themes, SPIs, admin clients (Java/JS/kcadm/Terraform)
├── observability.md      → Metrics, OTLP tracing, structured