PTS2025

Auditing Keycloak Configurations with Neo4j
2025-07-03, 10:45–11:05 (Europe/Paris), Amphitheater 122

Keycloak is a popular open source Identity and Access Management solution that provides single sign-on, user federation, and fine-grained role-based access control. However, in complex setups with multiple realms, roles, and groups, misconfigurations may go unnoticed. In this short talk, I will demonstrate a straightforward way to export Keycloak data (realms, roles, users, groups, etc.) into a Neo4j graph database, then run Cypher queries to pinpoint potential security issues such as privilege escalation. By visualizing Keycloak objects as a graph, we gain a clearer view of relationships and can spot unusual privileges more easily. An open-source tool facilitating this process will be released once the final configuration details are settled, enabling others to replicate and adapt the method.


Key points covered:

  • Simple export of Keycloak objects (realms, roles, users, groups, etc.) into Neo4j
  • Using Cypher queries to detect or visualize security gaps
  • Practical examples of identifying overlooked or excessive privileges
  • Maintaining a clearer overview of complex IAM configurations
  • Details on the upcoming open-source release for easy replication
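As an added illustration of the kind of Cypher audit the talk describes (example code, not the speaker's forthcoming tool), the block below builds a small constructed realm and then lists every enabled user who can reach the `realm-admin` role of the `realm-management` client, whether directly, through nested groups, or through composite roles. The graph model is an assumption: nodes `Realm`, `User`, `Group`, `Client`, `Role` and relationships `MEMBER_OF`, `SUBGROUP_OF`, `HAS_ROLE`, `COMPOSITE_OF`, `DEFINED_BY`, `IN_REALM` are hypothetical names for what an export step would produce.

```cypher
// Assumed graph model (hypothetical export output, not the speaker's tool):
//   (:User)-[:MEMBER_OF]->(:Group)         user belongs to a group
//   (:Group)-[:SUBGROUP_OF]->(:Group)      child group inherits parent's roles
//   (:User|Group)-[:HAS_ROLE]->(:Role)     direct role mapping
//   (:Role)-[:COMPOSITE_OF]->(:Role)       composite role grants member role
//   (:Role)-[:DEFINED_BY]->(:Client)       client role (e.g. realm-management)

// 1. Constructed sample data: alice is only in "helpdesk", which looks
//    harmless, but helpdesk is a subgroup of "it", "it" holds the composite
//    role "ops-power", and "ops-power" contains realm-admin.
CREATE (r:Realm {name: 'corp'})
CREATE (rm:Client {clientId: 'realm-management'})-[:IN_REALM]->(r)
CREATE (admin:Role {name: 'realm-admin'})-[:DEFINED_BY]->(rm)
CREATE (mu:Role {name: 'manage-users'})-[:DEFINED_BY]->(rm)
CREATE (ops:Role {name: 'ops-power'})-[:IN_REALM]->(r)
CREATE (ops)-[:COMPOSITE_OF]->(admin)
CREATE (it:Group {name: 'it'})-[:HAS_ROLE]->(ops)
CREATE (hd:Group {name: 'helpdesk'})-[:SUBGROUP_OF]->(it)
CREATE (hd)-[:HAS_ROLE]->(mu)
CREATE (:User {username: 'alice', enabled: true})-[:MEMBER_OF]->(hd)
CREATE (:User {username: 'bob', enabled: true})-[:HAS_ROLE]->(admin)
CREATE (:User {username: 'carol', enabled: false})-[:HAS_ROLE]->(admin);

// 2. Audit query: every enabled user with a path to realm-admin, following
//    any chain of group membership, subgroup inheritance, role mappings and
//    composite roles (bounded to 10 hops to keep the search finite).
MATCH (target:Role {name: 'realm-admin'})
      -[:DEFINED_BY]->(:Client {clientId: 'realm-management'})
MATCH p = (u:User)-[:MEMBER_OF|SUBGROUP_OF|HAS_ROLE|COMPOSITE_OF*1..10]->(target)
WHERE u.enabled
RETURN u.username AS user,
       [n IN nodes(p) | coalesce(n.username, n.name)] AS path,
       length(p) AS hops
ORDER BY hops DESC;
```

On the sample data this returns alice with the five-node path through helpdesk, it and ops-power, and bob with a direct one-hop mapping; carol is excluded because her account is disabled, so an indirect grant like alice's is exactly the kind of overlooked privilege the path column makes visible.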

Kévin Schouteeten is a pentester at Synacktiv in Paris. He is part of a team dedicated to offensive information security, having spent the last 16 years as a developer and malware analyst, and now focusing on penetration testing across a wide variety of technologies.