[Feature/功能]: is it possible to add that feature? is it possible or am I wrong? Add support for Keycloak as an external OpenID Connect (OIDC) identity provider to enable enterprise SSO?

[memeklosekeluarga-eng]

Pre-submission Checklist / 提交前检查

• I have searched the existing issues and this feature has not been requested / 我已搜索现有 issues，此功能尚未被提出
• I have read the documentation / 我已阅读文档

Problem Statement / 问题描述

is it possible to add that feature? is it possible or am I wrong?
Add support for Keycloak as an external OpenID Connect (OIDC) identity provider to enable enterprise SSO, centralized user/role management, and standards-based authentication while maintaining backward compatibility with existing API key authentication.
Scope: New authentication method (non-breaking)

Proposed Solution / 期望方案

Integrate Keycloak (via OpenID Connect protocol) as an external identity provider to:

• Authenticate users via centralized Keycloak server
• Map Keycloak roles to AxonHub RBAC system
• Support both API keys AND OIDC tokens simultaneously
• Enable enterprise adoption without breaking existing workflows

Alternatives Considered / 备选方案

Keycloak Documentation

• https://www.keycloak.org/ (official)
• https://www.keycloak.org/securing-apps/oidc-layers (OIDC spec)
• https://www.keycloak.org/docs/latest/securing_apps/ (detailed guide)

Go OIDC Library

• https://github.com/coreos/go-oidc (GitHub repo)
• https://pkg.go.dev/github.com/coreos/go-oidc/v3/oidc
• (documentation)

OpenID Connect

• https://openid.net/connect/ (official spec)
• https://jwt.io/ (JWT debugging tool)

Feature Category / 功能分类

Authentication / Security / 认证 / 安全

Additional Context / 其他补充信息

No response

[looplj]

We will add support for SSO, it is on the todo list, but we can not promise the date to deliver the feature.

[LazuliKao]

Hello! I have implemented Generic OIDC in a PR, but it currently lacks comprehensive testing. If you have some time, I would greatly appreciate your help in testing and improving it.

• Container: https://github.com/LazuliKao/axonhub/pkgs/container/axonhub
• Binaries: https://github.com/LazuliKao/axonhub/releases

Warning: Please do not run this in production environments, or ensure you completely back up your database before testing.

It has been merged and will be released in version 1.0, try official release