Overview

TUMApply uses Keycloak as its central identity provider for authentication, token issuance, and identity federation via OpenID Connect (OIDC). Authorization (roles, access checks, data ownership) is handled within the TUMApply server, not in Keycloak.

For the local development Keycloak setup, see the Developer Documentation.

Role Separation

Responsibility	Location
Authentication (login, tokens)	Keycloak
Authorization (roles, access checks)	Spring Boot / DB
User creation on first login	TUMApply server
Role storage	Database

External References

Official Keycloak Documentation
Keycloak Server Administration Guide
Keycloak API Documentation
Keycloak Release Notes

Role Separation​

External References​

Role Separation

External References