keycloak-theme-sample VS Keycloak

Compare keycloak-theme-sample vs Keycloak and see what are their differences.


Sample Keycloak Theme (by holisticon)


Open Source Identity and Access Management For Modern Applications and Services (by keycloak)
Our great sponsors
  • InfluxDB - Collect and Analyze Billions of Data Points in Real Time
  • Revelo Payroll - Free Global Payroll designed for tech teams
  • SonarQube - Static code analysis for 29 languages.
  • Onboard AI - Learn any GitHub repo in 59 seconds
keycloak-theme-sample Keycloak
1 213
14 17,498
- 1.6%
0.0 9.9
7 months ago 4 days ago
FreeMarker Java
- Apache License 2.0
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.


Posts with mentions or reviews of keycloak-theme-sample. We have used some of these posts to build our list of alternatives and similar projects.

We haven't tracked posts mentioning keycloak-theme-sample yet.
Tracking mentions began in Dec 2020.


Posts with mentions or reviews of Keycloak. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-09-19.
  • JDK 21 Release Notes
    6 projects | | 19 Sep 2023
    > Where's Java primarily used these days?

    I've seen a lot of enterprise-y webdev projects use it for back end stuff (Dropwizard, Spring Boot, Vert.X, Quarkus) and in rare cases even front end (like Vaadin or JSF/PrimeFaces). The IDEs are pretty great, especially the ones by JetBrains, the tooling is pretty mature and boring, the performance is really good (memory usage aside) and the language itself is... okay.

    Curiously, I wanted to run my own server for OIDC/OAuth2 authn/authz and to have common features like registration, password resets and social login available to me out of the box, for which I chose Keycloak:

    Surprise surprise, it's running Java under the hood. I wanted to integrate some of my services with their admin API, seems like the Java library is also updated pretty frequently: whereas ones I found for .NET feel like they're stagnating more: (probably not a dealbreaker, though)

    Then, I wanted to run an APM stack with Apache Skywalking (simpler to self-host than Sentry), which also turns out to be a Java app under the hood:

    Also you occasionally see like bank auth libraries or e-signing libraries be offered in Java as well first and foremost, at least in my country (maybe PHP sometimes): and their app for getting certificates from the government issued eID cards also runs off of Java.

    So while Java isn't exactly "hot" tech, it's used all over the place: even in some game engines, like jMonkeyEngine, or in infrastructure code where something like Go might actually be more comfortable to use.

  • We built the fastest CI in the world. It failed
    11 projects | | 12 Sep 2023
    Their reply is not SSO, it's some toy alternative they're proposing that none of your customers would accept (like saying "Dropbox is just rsync")

    SSO is hairy enough that you can't write it from scratch in any reasonable amount of time for what a typical SaaS needs.

    There's OSS SSO you can host yourself that supports enterprise :

    If you're B2C Firebase Auth is cheap, and doesn't actually require hosting on Firebase

  • Request Level Authentication and Authorization with Istio and Keycloak
    4 projects | | 17 Jul 2023
    Keycloak is an open source authentication service provider and identity and access management tool that lets you add authentication and authorization to applications. It provides all the native authentication features including user federation, SSO, OIDC, user management, and fine-grained authorization.
  • Is anyone using Quarkus for monoithic, full-stack web apps?
    6 projects | /r/java | 21 Jun 2023
    KeyCloak is a massive monolith, lots of authentiation and authorisation methods, multiple DBs supported, liquibase, embedded distributed caches using inifnispan (hotrod), server side rendered frontend... it's running on Quarkus. I've been working on it for around 2 years now. It would be hard for me to go back to Spring-Boot, much prefer Quarkus, even when working on monoliths. Isn't that what you asked about?
  • Keycloak – Open-Source Identity and Access Management Interview
    26 projects | | 18 Jun 2023
    Disclosure: I work for FusionAuth.

    We've had a number of folks migrate from Keycloak due to some of this clunkiness, but I do know they've done some major overhauls recently (moving to Quarkus amongst other things).

    It also used to be super resource intensive if you have a large number of realms (which is what Keycloak calls tenants and Cognito calls user pools). From this 2022 link, more than 100-200 can cause issues:

    26 projects | | 18 Jun 2023
    Sure, you can treat the access token as an opaque token... but at the end of the day it could be a lot smaller.

    Discussed here and

    We also experience a few front-end issues, like when a token expires, the browser tab goes back to the login page. If you leave the tab a while then press login, the token it is using will have expired. Rather than automatically retrieving a new token and posting the login again, the user gets an error message and has to authenticate again.

    If you have two tabs in that state, you log one back in, switch to the other tab, if you refresh that tab, all is well, login proceeds automatically. If you press "login" instead, you get an error page telling you "already logged in" rather than just redirecting you back to the app... it also loses the redirect url so you have to press "back" instead.

    Will see if we can fix these when we have time, it would be nice to contribute back.

    26 projects | | 18 Jun 2023
    Unfortunately, Keycloak currently fails to properly scale for a large-ish (a couple of hundred) number of realms, which can be an issue for use cases with a large number of tenants (as not unusual in a B2B setting):

    This leads among other things to the Admin UI becoming basically unusable:

    We currently have to implement a workaround where we create multiple Keycloak clusters and will have to write some glue to manually route to the correct one based on the realm, but that seems like unnecessary overhead.

    26 projects | | 18 Jun 2023
    Wait, what server information leakage are we talking about? I didn't think keycloak leaked `x-powered-by`, and there's discussion[1] in their repo that shows they understand the concern. All software can be fingerprinted (if not then it has no user visible behavioral differences). Making it trivial to fingerprint a server isn't a good idea, but avoiding it entirely doesn't make sense.

    Was there a specific trivial information leakage you were worried about?


  • what do you use for authentication for apis?
    2 projects | /r/node | 9 Jun 2023
    JWT with custom defined users or keycloak
  • Keycloak vs. Authentik vs. Authelia, help choose SSO
    10 projects | /r/selfhosted | 25 May 2023
    Some random example:

What are some alternatives?

When comparing keycloak-theme-sample and Keycloak you can also consider the following projects:

authelia - The Single Sign-On Multi-Factor portal for web apps

Apache Shiro - Apache Shiro

OPA (Open Policy Agent) - An open source, general-purpose policy engine.

authentik - The authentication glue you need.

IdentityServer - The most flexible and standards-compliant OpenID Connect and OAuth 2.x framework for ASP.NET Core

Spring Security - Spring Security

Ory Kratos - Next-gen identity server (think Auth0, Okta, Firebase) with Ory-hardened authentication, PassKeys, MFA, FIDO2, TOTP, WebAuthn, profile management, identity schemas, social sign in, registration, account recovery, passwordless. Golang, headless, API-only - without templating or theming headaches. Available as a cloud service.

FreeIPA - Mirror of FreeIPA, an integrated security information management solution

Vault - A tool for secrets management, encryption as a service, and privileged access management

caddy-auth-portal - Authentication Plugin for Caddy v2 implementing Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA with App Authenticators and Yubico.

oauth2-proxy - A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.

jCasbin - An authorization library that supports access control models like ACL, RBAC, ABAC in Java