LDAP only verifies user credentials; on its own it does not meet modern security requirements. Keycloak is a complete open-source SSO solution that can integrate with LDAP and secures APIs with JWT tokens.
Entity Management Tool – LDAP vs Keycloak
1. LDAP
Best for
Internal company logins
Simple username/password authentication
What LDAP does (in simple terms)
LDAP (Lightweight Directory Access Protocol) is a central user directory
It only verifies username and password
It tells the application YES / NO (valid user or not)
How LDAP login works
User enters username & password
Application sends credentials to LDAP
LDAP verifies user
LDAP returns YES / NO
Application creates its own session
Limitations of LDAP
No social login
No JWT / access tokens
No Single Sign-On (SSO)
Hard to manage roles & permissions dynamically
Old technology
A poor fit for modern APIs and mobile applications
Provides no public API for authentication or user management
2. Keycloak
**What is Keycloak?**
Keycloak is an open-source identity and access management server developed by Red Hat. Keycloak is based on OpenID Connect.
Main responsibilities
User login
Roles & permissions management
JWT token generation
Single Sign-On (SSO)
How Keycloak works
Application → redirects to Keycloak → user logs in → application receives JWT token
We can customize the Keycloak login page using our own theme. We can also manage users through the Keycloak admin interface or by calling Keycloak APIs from our system.
Key benefits
Language independent (works with any backend)
Open-source
GUI‑based role & user management
No roles & permissions stored in the application DB
No roles & permissions hardcoded in application code
SSO ready
Highly scalable
Provides public APIs
Public APIs
**Authentication**
Login API
Token generation
Token validation
User Management
Create user
Assign role
Update user
Disable user
3. Keycloak Login Flow
User clicks Login on application
User is redirected to Keycloak login page
User enters credentials
Keycloak verifies user
Keycloak generates JWT token
User is logged into the application
4. Keycloak with LDAP Integration
**Keycloak works with LDAP.**
Flow
User data stored in LDAP
Login handled by Keycloak
Keycloak validates user from LDAP
Keycloak issues JWT token to application
Advantages
No user database in application
No passwords stored in application
Centralized authentication & authorization
For Keycloak, however, we need to install Keycloak on our server, and it runs on a separate port.
We can install it under the same domain.
Steps: install → run → connect with PHP
