A centralized administration application for assigning and delegating rights for organizations and users against various target systems. Built on Keycloak with custom protocol mappers, a Spring Boot admin application, and shared security libraries.
Full documentation is available at https://docs.swedenconnect.se/organizations-iam-app/index.html.
| Module | Description |
|---|---|
| iam-commons | Shared base types (LocalizedString, OrganizationID, etc.) |
| iam-security | Security library: org_rights parsing, authorities, auto-configuration |
| keycloak | Keycloak SPI plugins (org-rights mapper, scope-org-identifier mapper, resource-audience plugin) |
| iam-admin-app | Admin application (Spring Boot backend + React frontend) |
| demo | Demo application and resource server for integration testing |
- Java 21
- Maven
- Docker and Docker Compose
- A hosts file entry mapping `127.0.0.1` to `local.dev.swedenconnect.se`
- Install the Keycloak provider JARs:

  ```bash
  ./compose/keycloak-scripts/install-keycloak-plugins.sh
  ```

- Start the Keycloak service:

  ```bash
  docker compose -f compose/docker-compose.yml up -d keycloak
  ```

- Bootstrap the realm:

  ```bash
  ./compose/keycloak-scripts/bootstrap-realm.sh \
    --realm orgiam \
    --username admin \
    --password keycloak \
    --display-name "Organizations and Users IAM"
  ```

- Create the initial admin user:

  ```bash
  ./compose/keycloak-scripts/create-admin-user.sh \
    --realm orgiam \
    --username admin \
    --password keycloak \
    --new-username diggadmin \
    --new-password changeme
  ```

See compose/README.md for the full local environment setup including all services and client registration.
Copyright © 2026, Myndigheten för digital förvaltning - Swedish Agency for Digital Government (DIGG). Licensed under version 2.0 of the Apache License.
