[{"data":1,"prerenderedAt":400},["ShallowReactive",2],{"navigation-docs_de":3,"/docs/technologien/keycloak-docs_de":50,"/docs/technologien/keycloak-surround-docs_de":395},[4],{"title":5,"path":6,"stem":7,"children":8,"page":49},"De","/","de",[9],{"title":10,"path":11,"stem":12,"children":13,"page":49},"Docs","/docs","de/1.docs",[14,24],{"title":15,"path":16,"stem":17,"children":18},"Einführung","/docs/getting-started","de/1.docs/1.getting-started/1.index",[19,20],{"title":15,"path":16,"stem":17,"children":-1},{"title":21,"path":22,"stem":23,"children":-1},"Migrations-Fahrplan","/docs/getting-started/migration-fahrplan","de/1.docs/1.getting-started/2.migration-fahrplan",{"title":25,"path":26,"stem":27,"children":28,"page":49},"Technologien","/docs/technologien","de/1.docs/2.technologien",[29,33,37,41,45],{"title":30,"path":31,"stem":32,"children":-1},"Nextcloud","/docs/technologien/nextcloud","de/1.docs/2.technologien/1.nextcloud",{"title":34,"path":35,"stem":36,"children":-1},"Matrix / Element","/docs/technologien/matrix","de/1.docs/2.technologien/2.matrix",{"title":38,"path":39,"stem":40,"children":-1},"ONLYOFFICE","/docs/technologien/onlyoffice","de/1.docs/2.technologien/3.onlyoffice",{"title":42,"path":43,"stem":44,"children":-1},"Ubuntu Linux","/docs/technologien/ubuntu","de/1.docs/2.technologien/4.ubuntu",{"title":46,"path":47,"stem":48,"children":-1},"Keycloak","/docs/technologien/keycloak","de/1.docs/2.technologien/5.keycloak",false,{"id":51,"title":46,"body":52,"description":388,"extension":389,"meta":390,"navigation":391,"path":392,"seo":393,"stem":48,"__hash__":394},"docs_de/de/1.docs/2.technologien/5.keycloak.md",{"type":53,"value":54,"toc":374},"minimark",[55,59,63,68,120,124,129,132,136,139,143,146,150,153,157,160,198,202,205,275,279,329,332,336,354,363,370],[56,57,46],"h1",{"id":58},"keycloak",[60,61,62],"p",{},"Keycloak ist eine Open-Source-Plattform für Identity & Access Management (IAM). 
Es ersetzt Azure Active Directory / Microsoft Entra ID und bietet Single Sign-On (SSO) für alle Unternehmensanwendungen — gehostet auf Ihren eigenen Servern, ohne Abhängigkeit von Microsoft.",[64,65,67],"h2",{"id":66},"was-ersetzt-keycloak","Was ersetzt Keycloak?",[69,70,71,84],"table",{},[72,73,74],"thead",{},[75,76,77,81],"tr",{},[78,79,80],"th",{},"Microsoft-Produkt",[78,82,83],{},"Keycloak-Äquivalent",[85,86,87,96,104,112],"tbody",{},[75,88,89,93],{},[90,91,92],"td",{},"Azure Active Directory (Entra ID)",[90,94,95],{},"Keycloak Realm",[75,97,98,101],{},[90,99,100],{},"Azure SSO",[90,102,103],{},"Keycloak SSO (OIDC / SAML)",[75,105,106,109],{},[90,107,108],{},"Azure MFA",[90,110,111],{},"Keycloak OTP / WebAuthn",[75,113,114,117],{},[90,115,116],{},"Azure AD Groups",[90,118,119],{},"Keycloak Gruppen & Rollen",[64,121,123],{"id":122},"kernfunktionen","Kernfunktionen",[125,126,128],"h3",{"id":127},"single-sign-on-sso","Single Sign-On (SSO)",[60,130,131],{},"Ein zentrales Login für alle Anwendungen: Nextcloud, ONLYOFFICE, Element, Gitea, Odoo, Rocket.Chat und jede weitere OIDC- oder SAML-kompatible Anwendung. Mitarbeiter melden sich einmal an — alle Dienste sind danach ohne erneute Passworteingabe zugänglich.",[125,133,135],{"id":134},"multi-faktor-authentifizierung","Multi-Faktor-Authentifizierung",[60,137,138],{},"Keycloak unterstützt TOTP (Google Authenticator, Aegis), WebAuthn (YubiKey, FIDO2-Hardware-Keys) und SMS-OTP. MFA lässt sich für einzelne Anwendungen, Nutzergruppen oder alle Nutzer erzwingen.",[125,140,142],{"id":141},"benutzerverwaltung","Benutzerverwaltung",[60,144,145],{},"Zentrale Verwaltung aller Nutzer, Gruppen und Berechtigungen in einer Oberfläche. Neue Mitarbeiter werden einmal angelegt und haben sofort Zugang zu allen Anwendungen. 
Beim Ausscheiden genügt eine Deaktivierung — alle Zugänge werden gleichzeitig gesperrt.",[125,147,149],{"id":148},"ldap-active-directory-integration","LDAP / Active Directory Integration",[60,151,152],{},"Bestehende Active-Directory-Verzeichnisse können in Keycloak synchronisiert werden — ein nahtloser Migrationspfad ohne Datenverlust.",[64,154,156],{"id":155},"integration","Integration",[60,158,159],{},"Keycloak lässt sich mit nahezu jeder modernen Anwendung verbinden:",[161,162,163,170,176,181,187,192],"ul",{},[164,165,166,169],"li",{},[167,168,30],"strong",{}," — Keycloak als OIDC-Provider",[164,171,172,175],{},[167,173,174],{},"Matrix/Element"," — SSO via OIDC",[164,177,178,180],{},[167,179,38],{}," — SSO via SAML 2.0",[164,182,183,186],{},[167,184,185],{},"Gitea, Forgejo"," — OIDC-Login",[164,188,189,186],{},[167,190,191],{},"Grafana, Portainer",[164,193,194,197],{},[167,195,196],{},"Proxmox"," — LDAP / OIDC",[64,199,201],{"id":200},"betrieb-und-hosting","Betrieb und Hosting",[60,203,204],{},"Keycloak läuft als Docker-Container auf einem kleinen Hetzner-Server. Das folgende Beispiel ist bewusst minimal gehalten — für den Produktivbetrieb sollten Sie statt „latest“ eine feste Image-Version angeben und Datenbank-Zugangsdaten, Hostname sowie TLS ergänzen:",[206,207,212],"pre",{"className":208,"code":209,"language":210,"meta":211,"style":211},"language-bash shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","# Keycloak mit Docker Compose\nservices:\n  keycloak:\n    image: quay.io/keycloak/keycloak:latest\n    environment:\n      KC_DB: postgres\n    command: start\n","bash","",[213,214,215,224,231,237,247,253,262],"code",{"__ignoreMap":211},[216,217,220],"span",{"class":218,"line":219},"line",1,[216,221,223],{"class":222},"sHwdD","# Keycloak mit Docker Compose\n",[216,225,227],{"class":218,"line":226},2,[216,228,230],{"class":229},"sBMFI","services:\n",[216,232,234],{"class":218,"line":233},3,[216,235,236],{"class":229},"  keycloak:\n",[216,238,240,243],{"class":218,"line":239},4,[216,241,242],{"class":229},"    image:",[216,244,246],{"class":245},"sfazB"," 
quay.io/keycloak/keycloak:latest\n",[216,248,250],{"class":218,"line":249},5,[216,251,252],{"class":229},"    environment:\n",[216,254,256,259],{"class":218,"line":255},6,[216,257,258],{"class":229},"      KC_DB:",[216,260,261],{"class":245}," postgres\n",[216,263,265,269,272],{"class":218,"line":264},7,[216,266,268],{"class":267},"s2Zo4","    command",[216,270,271],{"class":245},":",[216,273,274],{"class":245}," start\n",[125,276,278],{"id":277},"systemanforderungen","Systemanforderungen",[69,280,281,294],{},[72,282,283],{},[75,284,285,288,291],{},[78,286,287],{},"Nutzer",[78,289,290],{},"RAM",[78,292,293],{},"CPU",[85,295,296,307,318],{},[75,297,298,301,304],{},[90,299,300],{},"≤100",[90,302,303],{},"2 GB",[90,305,306],{},"1 vCPU",[75,308,309,312,315],{},[90,310,311],{},"≤500",[90,313,314],{},"4 GB",[90,316,317],{},"2 vCPU",[75,319,320,323,326],{},[90,321,322],{},">500",[90,324,325],{},"8 GB",[90,327,328],{},"4 vCPU",[60,330,331],{},"Keycloak lässt sich auf demselben Server wie Nextcloud betreiben — für kleine Teams (≤25 Nutzer) ist ein CX21 bei Hetzner (5,83 €/Monat) ausreichend.",[64,333,335],{"id":334},"migration-von-azure-ad","Migration von Azure AD",[337,338,339,342,345,348,351],"ol",{},[164,340,341],{},"Keycloak-Instanz aufsetzen und Realm konfigurieren",[164,343,344],{},"Nutzer aus Active Directory / Azure AD exportieren und importieren",[164,346,347],{},"Anwendungen nacheinander auf Keycloak-SSO umstellen (Nextcloud → Element → weitere)",[164,349,350],{},"MFA-Pflicht aktivieren",[164,352,353],{},"Azure AD-Lizenzen kündigen",[355,356,357],"blockquote",{},[60,358,359,362],{},[167,360,361],{},"Tipp:"," Bei der Migration von Azure AD empfehlen wir, zunächst Keycloak parallel zu Azure AD zu betreiben. 
Anwendungen werden schrittweise umgezogen — so hat ein Fehler bei einer App keine Auswirkungen auf andere Dienste.",[60,364,365,366],{},"Weiter: ",[367,368,369],"a",{"href":35},"Matrix/Element →",[371,372,373],"style",{},"html pre.shiki code .sHwdD, html code.shiki .sHwdD{--shiki-light:#90A4AE;--shiki-light-font-style:italic;--shiki-default:#546E7A;--shiki-default-font-style:italic;--shiki-dark:#676E95;--shiki-dark-font-style:italic}html pre.shiki code .sBMFI, html code.shiki .sBMFI{--shiki-light:#E2931D;--shiki-default:#FFCB6B;--shiki-dark:#FFCB6B}html pre.shiki code .sfazB, html code.shiki .sfazB{--shiki-light:#91B859;--shiki-default:#C3E88D;--shiki-dark:#C3E88D}html pre.shiki code .s2Zo4, html code.shiki .s2Zo4{--shiki-light:#6182B8;--shiki-default:#82AAFF;--shiki-dark:#82AAFF}html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: 
var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}",{"title":211,"searchDepth":226,"depth":226,"links":375},[376,377,383,384,387],{"id":66,"depth":226,"text":67},{"id":122,"depth":226,"text":123,"children":378},[379,380,381,382],{"id":127,"depth":233,"text":128},{"id":134,"depth":233,"text":135},{"id":141,"depth":233,"text":142},{"id":148,"depth":233,"text":149},{"id":155,"depth":226,"text":156},{"id":200,"depth":226,"text":201,"children":385},[386],{"id":277,"depth":233,"text":278},{"id":334,"depth":226,"text":335},"Single Sign-On und Identity Management als Azure AD-Ersatz — ein zentrales Login für alle Unternehmensanwendungen, DSGVO-konform und self-hosted.","md",{},true,"/de/docs/technologien/keycloak",{"title":46,"description":388},"Mul5WY_AM-1KdDUx3hMA-Ebc20FIrpxoFjvpJsJjaks",[396,399],{"title":42,"path":397,"stem":44,"description":398,"children":-1},"/de/docs/technologien/ubuntu","Das meistgenutzte Linux-Betriebssystem für Unternehmen — stabil, sicher, mit 5 Jahren LTS-Support und vertrauter Oberfläche für Windows-Umsteiger.",null,1775236012483]