Kévin Schouteeten
Kévin Schouteeten is a pentester at Synacktiv in Paris. He is part of a team dedicated to offensive information security. Over the last 16 years he has worked as a developer and a malware analyst, and he now focuses on penetration testing across a wide variety of technologies.
Sessions
Keycloak is a popular open source Identity and Access Management solution that provides single sign-on, user federation, and fine-grained role-based access control. However, in complex setups with multiple realms, roles, and groups, misconfigurations may go unnoticed. In this short talk, I will demonstrate a straightforward way to export Keycloak data (realms, roles, users, groups, etc.) into a Neo4j graph database, then run Cypher queries to pinpoint potential security issues such as privilege escalation. By visualizing Keycloak objects as a graph, we gain a clearer view of relationships and can spot unusual privileges more easily. An open-source tool facilitating this process will be released once the final configuration details are settled, enabling others to replicate and adapt the method.
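As an added example (not the speaker's tool and not code from this page), a small Python walk over a constructed dictionary shaped like a Keycloak realm export: it builds the same user/group/role graph the talk proposes loading into Neo4j and reports who effectively holds a role through group inheritance or composite roles. The export layout (`roles.realm[*].composites.realm`, `groups[*].subGroups`, `users[*].groups`) and the rule that subgroup members inherit the parent group's role mappings are assumptions about Keycloak's format; all data is constructed.

```python
# Constructed sample shaped like a Keycloak realm export (assumed layout, not a real export)
REALM = {
    "roles": {"realm": [{"name": "admin"}, {"name": "helpdesk", "composite": True,
                        "composites": {"realm": ["view-users", "admin"]}}]},
    "groups": [{"path": "/staff", "realmRoles": [], "subGroups": [
        {"path": "/staff/support", "realmRoles": ["helpdesk"], "subGroups": []}]}],
    "users": [
        {"username": "alice", "realmRoles": ["admin"], "groups": []},
        {"username": "bob", "realmRoles": [], "groups": ["/staff/support"]},
        {"username": "carol", "realmRoles": ["view-users"], "groups": ["/staff"]},
    ],
}

def build_edges(realm):
    """Edges keyed by (kind, name): user->group, subgroup->parent, group->role, composite->member role."""
    edges = {}
    add = lambda src, dst: edges.setdefault(src, set()).add(dst)
    for role in realm["roles"]["realm"]:
        for member in role.get("composites", {}).get("realm", []):
            add(("role", role["name"]), ("role", member))
    def walk(group):
        for r in group.get("realmRoles", []):
            add(("group", group["path"]), ("role", r))
        for sub in group.get("subGroups", []):  # assumed: subgroup members inherit the parent's role mappings
            add(("group", sub["path"]), ("group", group["path"]))
            walk(sub)
    for g in realm["groups"]:
        walk(g)
    for u in realm["users"]:
        for r in u.get("realmRoles", []):
            add(("user", u["username"]), ("role", r))
        for g in u.get("groups", []):
            add(("user", u["username"]), ("group", g))
    return edges

def effective_roles(realm, username):
    """Roles a user holds after following every group and composite-role hop (the Neo4j path query)."""
    edges, seen, stack = build_edges(realm), set(), [("user", username)]
    while stack:
        for nxt in edges.get(stack.pop(), ()):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return sorted(name for kind, name in seen if kind == "role")

def indirect_holders(realm, role):
    """Users who reach `role` only through groups or composites: what a review of direct mappings misses."""
    return sorted(u["username"] for u in realm["users"]
                  if role not in u.get("realmRoles", []) and role in effective_roles(realm, u["username"]))
```

Once the same edges are loaded into Neo4j (with assumed labels and relationship types), the equivalent reachability question is a Cypher path query such as `MATCH p = (u:User)-[*1..]->(r:Role {name: 'admin'}) RETURN u.username, p`.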