Latest articles

Thoughts on Identity & Access Management, Keycloak, and engineering.

Keycloak vs Auth0 in 2026: What CTOs Need to Know Before Deciding

May 11, 2026 · IAM

Okta acquired Auth0 in 2021 and raised prices. Many companies are now reconsidering their identity stack. Here's the unbiased comparison you need to make the right call.

#keycloak #auth0 #iam #comparison #open-source #identity

Keycloak vs Auth0, Okta, Entra ID, Authentik, Ping Identity, and One Identity. An honest comparison.

May 5, 2026 · IAM

We work with Keycloak every day. That doesn't mean it's the right choice for everyone — but it does mean we know exactly when it is.

#keycloak #iam #auth0 #okta #entra-id #authentik #ping-identity #one-identity #comparison

Keycloak 26.6.0 — Five features graduate to supported

Apr 10, 2026 · News

Keycloak 26.6.0 is a feature release. Five capabilities — JWT Authorization Grant, Federated Client Auth, Workflows, Zero-Downtime Patches, and a new Test Framework — graduate from preview to fully supported.

#keycloak #release #workflows #jwt #zero-downtime #iam

Keycloak 26.5.7 — 7 CVEs patched, two of them critical

Apr 8, 2026 · Security

Keycloak 26.5.7 is almost entirely a security release — 7 CVEs addressed in a single drop, two of them critical. If you run Keycloak in production, this update is not optional.

#keycloak #security #advisory #cve #oidc

Keycloak Advisory: Privilege Escalation in Admin Console (FGAPv2)

Jul 29, 2025 · Security

Keycloak 26.2.x with FGAPv2 enabled is affected by a privilege escalation allowing manage-users admins to self-assign realm-admin.

#keycloak #security #advisory

Keycloak Security Advisory: Phishing via Email Verification in First Login Flow

Jul 29, 2025 · Security

Keycloak security advisory: phishing attack via email verification in first login flow. Affects all versions before 26.2.6, 26.1.5 and 26.0.10.

#keycloak #security #advisory #phishing