Design and Security Evaluation of IAM Module in Microservice Architecture Using Keycloak

Abstract

Identity and security management are relevant concerns in microservice-based systems. The aim of this research is to model and examine a secure and unified Identity and Access Management (IAM) module founded on Keycloak and the NIST SP 800-53 security standard. A case study was conducted in organization that is undergoing digital transformation to a microservice architecture. The system offers authentication and authorization based on roles, attributes, and permissions. Identity federation is achieved via CAS, OIDC, and REST API protocols with custom Service Provider Interfaces (SPI). Testing includes unit testing, integration testing, and security testing. Results show the system functions as designed without show-stopping security vulnerabilities. This study contributes to secure and flexible IAM practices for microservice ecosystems.