Keycloak-as-a-Service – Open-Source Vendor-LockIn?

Keycloak-as-a-Service – Open-Source Vendor-LockIn?

Keycloak is one of the most well-known open-source products in the field of Single Sign-On and authentication. As described on our page: cidaas the Keycloak alternative, Keycloak comes with some disadvantages.

In addition to the lack of feature completeness and future readiness (time-to-market), this also includes the high operating costs and the lack of support for Keycloak. In recent years, a number of providers have therefore been found who offer Keycloak-as-a-Service. The spectrum ranges from providers who offer Keycloak as hosting, to providers who take Keycloak as a basic building block and expand it with their own developments. In the following, we take a look at the two aforementioned forms of Keycloak-as-a-Service.

Keycloak-as-a-Service – Hosting Service

Many companies using Keycloak struggle to find experts who can ensure the implementation and operation of Keycloak. Reliable operation of Keycloak 7 days a week and 24 hours a day (24×7) requires a large team of experts who are familiar with Keycloak and the topic of Single Sign-On. For Keycloak users, this way leads to a relief for the time being. The outstanding advantage of Keycloak – you get something for free – is thus obsolete. In the end, the cost advantage may even be a disadvantage because these operating costs are higher than subscribing to a ready-made Cloud Identity & Access Management (Cloud IAM). Once you have arrived at Hosted Keycloak, the question of comparing the functions of a cloud IAM and Keycloak quickly arises, and that is where cidaas comes out on top, apart from the fact that it is continuously developing and automatically updating in the background. After all, security in the area of identity management should not be limited to a firewall, but must be supported with fraud detection patterns as in cidaas – hosting may not be enough.

Keycloak logo cidaas logo
Support Keycloak cidaas
Operation Keycloak cidaas
Feature-Completeness Keycloak cidaas
Future-Readiness Keycloak cidaas

Keycloak-as-a-Service – Open Source as a Product

Keycloak is developed by Redhat in Java, with extensive use of the Redhat Java libraries and services. The original operating model was defined quite simply. As a Keycloak user, one installs a corresponding database, then Keycloak, which is based on an application server, on various server systems for development, testing and production – the operation teams then take over the operational management.

In the meantime, in addition to the “Keycloak Hosting Service”, companies have also started with placing their own IAM service based on Keycloak with meaningful product names and with some additional functions, so to speak “Open Source as a Product”. That sounds good at first, because why should you take the long and stony path and start from the drawing board when there is already an open-source solution that you can further develop individually?

  1. The rights of use defined with open source must be taken into account, which can restrict operation and further development,
  2. the rights of use can be changed by the manufacturer as a whole with a new version, so the next version may already no longer be open source,
  3. the IAM service provider depends on the corporate policy of the open-source provider, should the latter decide not to invest further in Keycloak or pursue point 2, then further development is questionable – the half-life of open source is known to be significantly shorter than that of commercial solutions.
  4. Finally, the IAM service provider can only build on the functions that Keycloak offers, and this applies to the range of functions as well as to the time of provision in the software version

Modern IAM solutions like cidaas do not have these dependencies but are actually modularly designed on the drawing board and have a highly scalable technology stack with which climate neutrality, without Java, can also be better achieved.


Keycloak hosting and Keycloak product derivatives expand the range of cloud IAM services. If you are thinking about a cloud IAM or no longer want to operate your own keycloak in your own data centre, you should sound out the market beforehand and use a modern, future-proof cloud IAM such as cidaas.

The migration from Keycloak to cidaas has been successfully tested in practice many times and is easier than perhaps thought.