
Enhancing Keycloak Consents with IBM Consent Manager

The EU GDPR (General Data Protection Regulation) does not require organizations to acquire consent from individuals before using their personal information for commercial reasons, contrary to a common assumption. Consumer data, saved in the form of cookies or cookie IDs, helps marketers identify and understand their target market. However, collecting cookies without the consent of customers may result in privacy violations.

As a result, a consent management platform (CMP) helps gather and classify customers who have consented to the use of their data and those who have not. The user, on the other hand, has the option of accepting or rejecting the request. Every visitor has the option of giving the publisher permission to reveal their online identity. If the visitor does not agree with the settings, we will be unable to use the cookies. A CMP is a cost-effective solution for every publisher, since it allows you to gather customer data legally and in accordance with GDPR.

Receiving consent from users before processing their personal information is crucial to ensuring their privacy, so the client required high security in Identity and Access Management to keep users' data privacy considerably stronger. In this situation, we used IBM Consent Manager to provide extremely secure management systems to protect our data.

Challenges faced with Keycloak consent

Keycloak consents are based on client scopes and must be configured in authenticators or clients wherever necessary. Keycloak does not keep track of consents: if we accept consents that were added in version 1 and subsequently modified in version 2, it will not tell us that the version 1 consent has been superseded by the version 2 consent, and it cannot track whether a user declined any non-mandatory consents.

The Solution

Consent management is a process that guides compliance by notifying users about data collection and usage practices. A good consent management process logs and tracks consent collection so that businesses do not need to worry about complying with worldwide laws and regulations. IBM Consent Manager is designed to help you manage consent requests, securely communicate confidential data, and automate audit trails to fulfil security and privacy requirements.


IBM Consent Manager has a collection of APIs that allow you to agree to, revoke, and delete a consent. The APIs are also used to view the privacy policies for each version. IBM has made APIs available to gather and manage this data. While the user is logging in, we need to know whether they have accepted the consent or not. We can incorporate consent management by making it a mandatory authenticator that must be passed in order to complete the login process. As a trigger, we can provide a required action that the user must take while attempting to log in. The user will be unable to log in if they do not accept the necessary consents. When there are several versions of a consent, IBM always ensures that the user has consented to the most recent version.


Keycloak can immediately start using that server's APIs based on the URL in its configuration, so we can point to any server by changing the configuration value. To accept IBM consents, we must provide our user information to the API through an access token, along with a list of consents. IBM verifies our token, then examines and accepts the consent list.
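The login gate described above, modelled as an added example (it is not the client's, Keycloak's or IBM's code): only the newest version of each consent counts, a mandatory consent that is missing, revoked or superseded blocks login, and declined optional consents stay visible for audit. The record fields, state names and sample purposes are assumptions, not IBM Consent Manager's schema.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:          # one published version of a consent text
    purpose: str
    version: int
    mandatory: bool

@dataclass(frozen=True)
class Record:          # one user decision, stored oldest first
    purpose: str
    version: int
    state: str         # "accepted", "declined" or "revoked" (assumed names)

def evaluate_login(policies, records):
    """Decide whether login may complete, judging only the newest versions."""
    latest = {}
    for p in policies:
        if p.purpose not in latest or p.version > latest[p.purpose].version:
            latest[p.purpose] = p
    # Later records overwrite earlier ones, so a revoke cancels an accept.
    decided = {(r.purpose, r.version): r.state for r in records}
    blocking, ask, declined = [], [], []
    for purpose in sorted(latest):
        pol = latest[purpose]
        state = decided.get((purpose, pol.version))
        if state == "accepted":
            continue
        if pol.mandatory:
            blocking.append(purpose)      # missing, revoked or superseded
        elif state == "declined":
            declined.append(purpose)      # refusal is kept for the audit trail
        else:
            ask.append(purpose)           # optional, no current answer
    return {"allowed": not blocking, "blocking": blocking,
            "ask": ask, "declined": declined}

# Constructed sample data (purpose names and versions are made up).
POLICIES = [Policy("terms", 1, True), Policy("terms", 2, True),
            Policy("marketing", 1, False), Policy("analytics", 1, False)]
ALICE = [Record("terms", 1, "accepted"), Record("marketing", 1, "declined")]

if __name__ == "__main__":
    print(evaluate_login(POLICIES, ALICE))
    print(evaluate_login(POLICIES, ALICE + [Record("terms", 2, "accepted")]))
```

In a Keycloak deployment this decision would sit behind the required action, with the records fetched from the consent service using the user's access token.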

Enhanced Customer Experience

Our client has placed a high value on good customer service from the start. Our technique was critical in generating user constraints, since they are such an important component of consumer engagement. Because the user constraints were integrated inside the client environment, our clients liked our innovative and intuitive approach, which allowed the process to go even faster.