ZMT

We need to integrate Keycloak as the authentication and authorization provider for our Spring Boot application. This includes configuring secure login flows, token validation, and role-based access. Additionally, we must automate the creation/configuration of Keycloak environments (realm, clients, roles, and user setup) to support CI/CD and consistent environment provisioning.

• Users authenticate through Keycloak instead of local Spring Security authentication
• Spring Boot application validates JWT tokens issued by Keycloak
• Keycloak realm and client configuration automated (for dev and prod)
• Ability to manage user roles and access via Keycloak
• Smooth onboarding of new environments and developers

What we need :

1. Keycloak Setup

• Create a Keycloak realm for the application
• Create Keycloak client for Spring Boot
• Define roles and map them to application roles
• Configure user groups/roles and password policies

2. Spring Boot Integration

• Add Keycloak Spring Boot adapter / Spring Security configuration
• Configure JWT / OAuth2 resource server
• Secure endpoints based on roles/authorities
• Implement token validation and refresh logic
• Implement login redirect and logout handling

3. Automation

• Automate Keycloak provisioning (realm, client, roles, users) using: Keycloak Admin CLI or REST API
• Include automation scripts in CI/CD pipeline
• Document environment variables and secrets required

4. Documentation

• Setup guide & local development instructions
• Role/access mapping documentation
• CI/CD integration notes
• Security best practices and maintenance instructions