OpenZiti with Keycloak

jkovaliov · September 9, 2025, 8:19am

Hi, I’ve started exploring OpenZiti. I want to set up our Keycloak as a JWT identity provider and restrict access to it (Keycloak) for users who haven't passed posture checks, specifically for members of a particular Keycloak group.

Is this achievable? I would appreciate your insights.

TheLumberjack · September 9, 2025, 11:32am

Hi @jkovaliov, welcome to the community and to OpenZiti!

At this time there is no posture check associated to the claims in a token from an IdP. Personally, I think that's an interesting idea, but it's not implemented at this time.

Topic		Replies	Views
OpenZiti use External JWT Signers with keycloak	10	96	March 24, 2025
ZDEW authentication with keycloak Support	1	44	April 1, 2025
OIDC implementation in OpenZiti Ziti Overlay	10	182	July 4, 2025
Zitadel integration General Questions	15	422	June 4, 2024
BrowZer with Zitadel: "Check that this 'externalId' exists and has case-sensitive match" BrowZer	28	159	October 22, 2024

OpenZiti with Keycloak

Related topics