Conversation
Is it me or did Keycloak become the de facto OSS IdP practically overnight? If so, why is that?

@buherator curious: What do you mean by overnight? Keycloak is at least 10 years old now and I’ve encountered instances of it many times. Maybe it got more popular since its donation to the CNCF in 2023?

@ulldma Can't tell about the exact time, but it felt like all of our clients suddenly started using it a few years back. Maybe the timing is more about some local environmental change, but it's still interesting that it's always Keycloak, not some other implementation, esp. for OIDC.

@buherator swap our own bugs to somebody else’s bugs.


@buherator Ah I see. I’d guess that for enterprises it counts a lot that Red Hat is the company behind Keycloak. (But it’s only a guess)


@buherator funny that you mention keycloak on the very same day that we chose to disclose some vulnerabilities in it 🤷‍♂️ https://security.humanativaspa.it/an-analysis-of-the-keycloak-authentication-system/

@raptor wow nice! We've been discussing a Keycloak research idea for some time, really curious about what you found!

@buherator I wasn’t involved in this specific research. But my gut feeling is that there’s more of it…
