please-open.it's Avatar

please-open.it

@please-open-it

We can help you on your authentication Keycloak experts

41
Followers 3
Following 14
Posts 04.10.2023
Joined
Posts Following

Latest posts by please-open.it @please-open-it

Get self-locking sessions in Keycloak with PIN step-up authentication Keycloak supports of Authentication Context Class Reference allows you to add so low friction PIN re-authentication for sensitive actions. Adressing one of the most and unadressed problem of authentic...

Lock your session without logging out in Keycloak by using a PIN code

blog.please-open.it/posts/acr-lo...

04.03.2026 13:43 ๐Ÿ‘ 2 ๐Ÿ” 3 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0
Keycloak OAuth2-Proxy Configuration Generator: Simplify Your Reverse Proxy Authentication Setup Discover our new Keycloak SPI extension that automatically generates OAuth2-Proxy configurations. Export ready-to-use environment variables or complete configuration files directly from your Keycloak ...

oauth2proxy configuration generator for Keycloak
blog.please-open.it/posts/oauth2...

22.01.2026 15:04 ๐Ÿ‘ 0 ๐Ÿ” 2 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0
Why Your European Business Is Probably Breaking GDPR Law Right Now How american and european laws are conflicting putting european businesses in an impossible situation.

European Companies: if you host your data with a US cloud provider, you are not GDPR-compliant. โš ๏ธ
The Cloud Act overrides data location.
Yes, even if your servers are in Europe.
โฌ‡๏ธ
blog.please-open.it/posts/cloud-...

20.01.2026 13:25 ๐Ÿ‘ 1 ๐Ÿ” 0 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 1
Authentication Proxy: Simplify Authentication in Any Application Discover how to add authentication to any application without code changes using our NGINX-based OpenID Connect proxy. Separate authentication from development, define public vs private URLs, and depl...

An authentication proxy is the best pattern for deploying SSO on existing and new apps.
The proxy is in charge of the authentication mechanism, the application receive authenticated requests with the user's details in HTTP Headers.
blog.please-open.it/posts/auth-p...

23.12.2025 10:51 ๐Ÿ‘ 0 ๐Ÿ” 2 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0
Preview
GitHub - please-openit/jwt-decode-bash: a bash script to decode and verify jwt tokens a bash script to decode and verify jwt tokens. Contribute to please-openit/jwt-decode-bash development by creating an account on GitHub.

After oidc-bash, we tried to make a JWT Decoder in bash. It was so complicated with the signatures!

github.com/please-openi...

02.12.2025 08:20 ๐Ÿ‘ 3 ๐Ÿ” 3 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0
Preview
GitHub - please-openit/keycloak-user-attribute-regexp-mapper Contribute to please-openit/keycloak-user-attribute-regexp-mapper development by creating an account on GitHub.

Another module for Keycloak :
user attribute regexp mapper

Because in Keycloak user attributes are multivalued (with ability to aggregate them with "user attribute mapper"), we added a regexp filter only to send back attribute if it matches.

github.com/please-openi...

27.11.2025 09:59 ๐Ÿ‘ 0 ๐Ÿ” 1 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0
Preview
GitHub - please-openit/keycloak-groups-regexp-mapper Contribute to please-openit/keycloak-groups-regexp-mapper development by creating an account on GitHub.

New Keycloak module : groups regexp mapper. Map only groups (to a token, userinfo...) that only matches to a RegExp

github.com/please-openi...

06.11.2025 11:23 ๐Ÿ‘ 0 ๐Ÿ” 0 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0
A custom http header to token claim mapper for Keycloak Map an HTTP header value to a claim in a token. This solution was needed for a specific use case : keep the user locale.

Map HTTP headers to claims in tokens. We built this to support locales during a client_credentials authentication process

blog.please-open.it/posts/keyclo...

31.07.2025 08:30 ๐Ÿ‘ 1 ๐Ÿ” 2 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0
Post image

We built a desktop JWT decoder, directly accessible from the system tray :

blog.please-open.it/posts/jwt_de...

github.com/please-openi...

30.07.2025 10:26 ๐Ÿ‘ 2 ๐Ÿ” 0 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 1
User Agent Filter Authenticator We develop a new plugin for Keycloak that filters the user-agent header on authentication request.

An authenticator to match rfc8252 8.12 ! "native apps MUST NOT use embedded user-agents to perform authorization requests and allows that authorization endpoints MAY take steps to detect and block authorization requests in embedded user-agents"
blog.please-open.it/posts/user-a...

05.06.2025 07:43 ๐Ÿ‘ 0 ๐Ÿ” 1 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0
Please Open It Blog Keycloak as a service - oauth2/openid connect consulting

Deploy keycloak on dokku
Ready for production, with themes and SPIs built directly
please-open.it/blog/keycloa...

30.12.2024 17:15 ๐Ÿ‘ 1 ๐Ÿ” 2 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0
Post image

In Keycloak, you MUST take a look and uncheck "full scope allowed" checkbox if you use roles.
blog.please-open.it/full-scope-a...

02.12.2024 12:43 ๐Ÿ‘ 0 ๐Ÿ” 1 ๐Ÿ’ฌ 1 ๐Ÿ“Œ 1
Please Open It Blog Keycloak as a service - oauth2/openid connect consulting

a "no code" event-listener for Keycloak with @n8n-io.bsky.social
blog.please-open.it/event-listen...

20.11.2024 09:52 ๐Ÿ‘ 1 ๐Ÿ” 2 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0
Our vision about authorizations After years of consulting, we created our own authorization platform

How and why we built our own authorizations platform. Spoiler : avoid "authorizations as code" platforms, what you need is a specific data model for your needs
blog.please-open.it/authz/

06.11.2023 13:33 ๐Ÿ‘ 5 ๐Ÿ” 2 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0