@pascal_flamand profile picture
Pascal FLAMAND @pascal_flamand

CEO Open-IAM and Samarcande Holding- #IdentityManagement - #opensource #keycloak @TelecomValley - @IncubateurPCA - linkedin.com/in/pascal-flama…

Joined September 2016
  • Tweets 3,568
  • Following 751
  • Followers 793
36 Photos and videos
Pinned Tweet
Pascal FLAMAND@pascal_flamand
Mar 20
IAM sovereignty has become a strategic necessity rather than a purely technical option. IAM sovereignty has become a strategic necessity rather than a purely technical option. janua.fr/iam-the-hidden-gdpr…

IAM: The Hidden GDPR Vulnerability in Your Cloud Stack - JANUA.FR

IAM: the hidden GDPR vulnerability in your cloud stack — And how Keycloak fixes it. Continuing the Sovereignty Journey....In a previous article, Digital Sovereignty: Why Your European Business...

janua.fr
18
How to protect your privacy with a secondary email in Keycloak: when authenticating with external services via OAuth2/OpenID Connect, your primary email address is often shared... janua.fr/protect-your-privac… #keycloak #privacy #authentication #IAM

Protect Your Privacy: Secondary Email in Keycloak - JANUA.FR

How to protect your privacy with a secondary email in Keycloak: when authenticating with external services via OAuth2/OpenID Connect, your primary email address is often shared by default in the...

janua.fr
12
A custom http header to token claim mapper for Keycloak : we implement everything for our customers’ use cases. One of our clients asked us: how to pass the locale when authenticating in “client_credentials”? janua.fr/a-custom-http-heade… #keycloak #opensource #security #Authentication

A custom http header to token claim mapper for Keycloak - JANUA.FR

A custom http header to token claim mapper for Keycloak : Our main partner please-open-it implement everything necessary for our customers’ use cases.

janua.fr
30
ReCyF / NIS2: IAM at the heart of cyber compliance. Objective 10 — Identity and Access Management (IAM) — is a central pillar, . This article breaks down these requirements and explains how a sovereign IAM solution like Keycloak addresses them. janua.fr/iam-regulatory-comp…

IAM & Regulatory Compliance - JANUA.FR

ReCyF / NIS2: IAM at the Heart of Cyber Compliance : The ReCyF (French Cybersecurity Framework), published by ANSSI in March 2026, is the operational reference document for anticipating the French...

janua.fr
13
How to get self-locking sessions in Keycloak with PIN step-up authentication : with our partner Please-Open It with share with you this article. janua.fr/self-locking-sessio… #keycloak #redhatSSO #CIAM #SSO #community

Self-locking sessions in Keycloak with PIN step-up authentication - JANUA.FR

Get self-locking sessions in Keycloak with PIN step-up authentication. Have you ever wished your Keycloak sessions could lock themselves after a few minutes of inactivity on sensitive features —...

janua.fr
44
Get rid of your old Active directory/LDAP with keycloak and a small piece of custom software : just a POC for a LDAP bind proxy to log to KeyCloak with LDAP. janua.fr/ldap-bind-proxy-how… #keycloak #redhatsso #IAM #CIAM #OpenSource

LDAP bind proxy : how to log to KeyCloak with LDAP - JANUA.FR

Get rid of your old Active directory/LDAP with keycloak and a small piece of custom software : just a POC for a LDAP bind proxy to log to KeyCloak with LDAP.

janua.fr
45
Keycloak OAuth2-Proxy Configuration Generator: we strongly advocate the use of authentication proxy pattern, the most efficient ways to secure applications without modifying their code. janua.fr/simplify-your-rever… #keycloak #redhatSSO #SSO

Keycloak OAuth2-Proxy Configuration Generator: Simplify Your Reverse Proxy Authentication Setup -...

Keycloak OAuth2-Proxy Configuration Generator: with our main partner Please-Open.It we strongly advocate the use of authentication proxy pattern. As we mentioned in our authentication proxy article,...

janua.fr
34
What is and how to use Keycloak Authenticator. An « authenticator » is a step in an authentication process, called « Authentication flow ». An impressive list of authenticators are available with Keycloak : janua.fr/keycloak-authentica… #keycloak #redhatSSO #SSO #CIAM #IAM

Keycloak Authenticator explained - JANUA.FR

Keycloak Authenticator explained : In this article we will explain through an example what is and how to use Keycloak Authenticator In Keycloak, an "authenticator" is a step in an authentication...

janua.fr
63
How to simplify authentication in any application with an authentication proxy ? Over the years, we’ve encountered the same challenges repeatedly. janua.fr/authentication-prox… #keycloak #redhatSSO #security #community

Authentication Proxy: Simplify Authentication in Any Application - JANUA.FR

Over the years, we’ve encountered the same challenges repeatedly: authentication is complex to integrate, session management is often misunderstood, and authentication concerns are tightly coupled...

janua.fr
68
Keycloak roles restriction and full scopes. Learn with this article how and why you must restrict roles in tokens by turning off « full scope allowed » switch. janua.fr/keycloak-roles-rest…

Keycloak roles restriction and full scopes - JANUA.FR

Keycloak roles restriction and full scopes : for security concerns, you must restrict roles to a subset through the "Full Scope Allowed" Switch as by default a client has "roles" scope as "default"...

janua.fr
42
Pascal FLAMAND retweeted
please-open.it@PleaseOpen_It
3 Oct 2025
Keycloak has announced "workflows" as a preview feature. A welcome feature we already implemented years ago with... n8n. This is how we did : blog.please-open.it/posts/ke…

How we made our custom workflow with Keycloak way before workflow feature

Keycloak has released a preview Workflow feature https://www.keycloak.org/2025/10/workflows-experimental-26-4. Let’s take a look of how we made workflows years before…

blog.please-open.it
2
1
202
Pascal FLAMAND retweeted
please-open.it@PleaseOpen_It
27 Nov 2025
Another module for Keycloak : user attribute regexp mapper Because in Keycloak user attributes are multivalued (with ability to aggregate them with "user attribute mapper"), we added a regexp filter only to send back attribute if it matches. github.com/please-openit/key…

GitHub - please-openit/keycloak-user-attribute-regexp-mapper

Contribute to please-openit/keycloak-user-attribute-regexp-mapper development by creating an account on GitHub.

github.com
2
163
Keycloak roles restriction and full scopes : for security concerns, you must restrict roles to a subset through the « Full Scope Allowed » janua.fr/keycloak-roles-rest…

Keycloak roles restriction and full scopes - JANUA.FR

Keycloak roles restriction and full scopes : for security concerns, you must restrict roles to a subset through the "Full Scope Allowed" Switch as by default a client has "roles" scope as "default"...

janua.fr
30
With our partner please-open.it we implement everything necessary for our customers’ use cases. . How to make your custom workflow with Keycloak ? janua.fr/how-to-make-your-cu… #keycloak #IAM #SSO
64
A JWT decoder in the system tray, to enhance your productivity setting up KeycCloak. With our customers, we decode JWT tokens dozens of times a day. janua.fr/a-jwt-decoder-in-th… #keycloak @redhatSSO #SSO #IAM

A JWT decoder in the system tray for KeyCloak - JANUA.FR

A JWT decoder in the system tray, tips and tricks from our main partner Please-Open-IT to enhance your productivity setting up KeycCloak.

janua.fr
127
A custom http header to token claim mapper for Keycloak : Our main partner please-open-it implement everything necessary for our customers’ use cases. And one of our clients asked us: how to pass the locale when authenticating in “client_credentials”? #keycloak #redhatsso
63
Pascal FLAMAND retweeted
Mathieu Passenaud@mathieupassenau
30 Jul 2025
Tired of always opening jwt.io?

JWT.IO

JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.

jwt.io
please-open.it@PleaseOpen_It
30 Jul 2025
We built a desktop JWT decoder, directly accessible from the system tray : blog.please-open.it/posts/jw… github.com/please-openit/jwt…
1
5
333
Keycloak User Agent Filter Authenticator: an authenticator that filters the user-agent header for Keycloak to exclude embedded webviews, ensuring compliance with specification requirements. The component reduces the attack surface janua.fr/keycloak-user-agent…

Keycloak User Agent Filter Authenticator - JANUA.FR %

Keycloak User Agent Filter Authenticator: our main partner, Please Open It, created an authenticator that filters the user-agent header for Keycloak to exclude embedded webviews, ensuring compliance...

janua.fr
80
Keycloak roles restriction and full scopes : for security concerns, you must restrict roles to a subset through the « Full Scope Allowed » Switch as by default a client has « roles » scope as « default » ... janua.fr/keycloak-roles-rest…

Keycloak roles restriction and full scopes - JANUA.FR

Keycloak roles restriction and full scopes : for security concerns, you must restrict roles to a subset through the "Full Scope Allowed" Switch as by default a client has "roles" scope as "default"...

janua.fr
1
46
Get rid of your old Active directory/LDAP with keycloak and a small piece of custom software : just a POC for a LDAP bind proxy to log to KeyCloak with LDAP janua.fr/ldap-bind-proxy-how…

LDAP bind proxy : how to log to KeyCloak with LDAP - JANUA.FR

Get rid of your old Active directory/LDAP with keycloak and a small piece of custom software : just a POC for a LDAP bind proxy to log to KeyCloak with LDAP.

janua.fr
69
Load more