Case study

Authentication platform: making Keycloak integration maintainable

A critical authentication platform had to be structured around Keycloak without letting the provider, framework, or integrations contaminate the whole application model.

The engagement combined software architecture, backend design, Hexagonal Architecture, monorepo bootstrapping, and delivery standards to create a base teams could maintain.

Talk about a critical platform Meet Mohammed Hamdoune

Context

A sensitive platform, not a simple connector

Authentication concentrates security, integration, governance, and evolvability constraints. Keycloak was central, but it could not become the internal model of the whole platform.

Main constraints

Isolate the provider

Keycloak choices had to stay at the technical boundary instead of spreading into business use cases.

Make layers useful

Hexagonal Architecture had to clarify responsibilities, not add abstract folders without maintenance value.

Bootstrap delivery

Repo structure, standards, CI/CD, and conventions had to support future increments rather than become parallel documentation.

Decisions

The decisions that protected maintainability

The point was less the pattern itself than the ability to keep a critical platform understandable when integrations evolve.

01
Keycloak as an adapter
Keycloak integrations were kept behind explicit adapters instead of letting the tool define the use cases.
02
Readable ports and use cases
Application responsibilities were separated from infrastructure details to make tests and changes safer.
03
Monorepo as delivery support
Repo structure, conventions, and standards were aligned with boundaries rather than an arbitrary technical organization.
04
Proportionate abstraction
Abstractions were introduced where they protected a real volatility point: provider, integration, tests, or application model.

Delivery

Architecture and implementation in the same movement

The role combined framing, backend design, engineering contribution, and delivery standards. Decisions had to be visible in code, not only in diagrams.

Boundary framing

Boundaries between use cases, adapters, identity provider, and infrastructure were clarified.

Monorepo foundation

Delivery structure was shaped to help the teams continuing the platform evolve it.

Transfer

Patterns were explained through code and conventions to avoid a purely theoretical handoff.

Impact

What the team gets back

On an identity platform, value comes from clear boundaries and confidence to change integrations without breaking the application core.

Boundaries: Clearer separation between use cases, infrastructure, and identity provider.
Keycloak: More contained integration, with less diffuse provider dependency.
Delivery: Monorepo and standards aligned with application structure.
Maintenance: More readable base for the teams continuing the product.

Stack

Technologies and concerns covered

The case mainly strengthens the architecture angle: identity, adapters, boundaries, monorepo and long-term maintainability.

Keycloak
Hexagonal Architecture
Pragmatic DDD
Backend design
Ports & adapters
Monorepo
GitLab CI
Integration tests
Maintainability

Lesson

A critical provider must not become your architecture.

Keycloak can be an excellent component, but the platform lasts longer when the application model keeps its own boundaries.

Software Architecture DDD & Hexagonal Architecture Senior Software Engineering Architecture Audit Back to LRJI