🔐 Authentication & login Open source Privacy ★★★★★
Keycloak
Self-hosted SSO and identity provider
Overview
Keycloak provides enterprise-grade OIDC, OAuth 2.0, and SAML for self-hosted single sign-on.
It can replace Google as the OAuth provider for Nextcloud, GitLab, Grafana, and internal tools, serving as the IdP for a household or small organization.
The free open-source core underpins the commercial Red Hat SSO product.
Scores
Privacy 5/5
Ease of use 2/5
Features 5/5
Value 5/5
Google Sign-In / OAuth — comparison
A self-hosted alternative to Google Sign-In/OAuth: point apps at Keycloak instead of Google identity.
Pros
- ✓ Full OIDC/SAML/OAuth 2.0
- ✓ Red Hat/IBM enterprise backing
- ✓ MFA and social login federation
- ✓ Integrates with self-hosted stack
Cons & caveats
- − Requires ops and security skills
- − Overkill for solo password storage
- − Java stack resource usage
Best for
- Self-hosted SSO infrastructure
- Team or family IdP
- Nextcloud and dev tool integration
Not ideal for
- Personal password vault only
- Instant no-setup use
Specs
- Pricing: Self-hosted. Core free (OSS). Red Hat SSO commercial separately.
- Difficulty: Advanced
- Data location: Your self-hosted server.
- Platforms: Self-hosted · Docker · Kubernetes
OIDC/SAML · SSO · Red Hat backed
Migration from Google Sign-In / OAuth
1. Deploy Keycloak on Docker/Kubernetes
2. Register OIDC/SAML clients (Nextcloud, etc.)
3. Migrate user accounts into Keycloak
4. Switch app OAuth configs from Google to Keycloak
Setup steps
1. Start Keycloak via Docker Compose
2. Create realm and clients in admin console
3. Configure OIDC on Nextcloud or other apps
4. Create users and verify SSO login flow