Approval System for Keycloak

Keycloak is a highly configurable open-source single sign-on server. In complex deployment
environments, Keycloak can be managed by a team of administrators with a hierarchical organizational
structure and different access levels. Each of them can then be responsible for a different part of the
server’s configuration. For example, one can be responsible for creating new users (such as employees),
another for managing user roles and groups and assigning access rights to them, and a third could be a
master supervising admin who can do all of it. Some changes to the server’s configuration could even be
made by end users, e.g. a user can self-register in the system and create an account on their own.

  • Study Keycloak and its codebase.
  • Research the possibilities for Keycloak Approval System.
    • This system would be able to intercept selected events that change the server’s
      configuration, such as creating/registering a new user, a user’s self-request to be
      added to a group, and other settings changes in general.
    • Such events/changes won’t be propagated at once but instead an approval request
      would be created.
    • Changes go into effect after the approval request is approved.
    • This behavior should be configurable – which action, performed by whom, should
      require an approval, and who will approve it?
  • Design and implement a highly extensible SPI to Keycloak for such an Approval System, as well
    as an example implementation of this SPI (e.g. approvals for user creation/registration).

In the complex systems mentioned above, Keycloak could be deployed alongside JBoss BPM Suite, which is
a powerful platform for business process management. In the second part of the thesis:

  • Study JBoss BPM Suite (BPMS).
  • Research the possibilities for integrating the Keycloak Approval System into BPMS processes.
    • It would make sense to handle (to some extent) an approval request from within a
      business process, so the final approve/reject decision could be made based on
      (complex) process logic. This would make the Approval System much more agile.

Diploma thesis specification in PDF – Diploma thesis specification – Václav Muzikář

Leader: Václav Muzikář

Topic: Approval System for Keycloak


University: Masaryk University
Type: Diploma
Date of Defence: 22.6.2018
Grade: A