OpenID Connect (OIDC) flows (Auth Code + PKCE, Implicit, Client Credentials), OAuth 2.0 grants/scopes/claims.
SAML 2.0 basics if you integrate with legacy SPs/IdPs.
Identity brokering vs user federation, trust relationships, metadata, certificates, signing & encryption keys.
Tokens: ID/Access/Refresh tokens, claims, lifetimes, signature algorithms (RS256/ES256), JWKS.
Authentication vs authorization: authentication flows, authorization services (UMA‑style resource‑based auth), policies and permission models.
Keycloak SPIs (Service Provider Interfaces) & provider packaging.
Java 11+
Maven build tooling;
Understanding of Keycloak server architecture: realms, sessions, caches.
Authentication flows & executions (understanding the built‑in execution types and requirements).
JavaScript for script authenticators/policies (note: scripting may be disabled or restricted in some deployments for security).
FreeMarker templates (*.ftl), HTML/CSS
