The T&C Gatekeeper: Simplifying GDPR Compliance in Keycloak

In the era of data protection regulations, GDPR compliance isn't just a legal requirement—it's a trust-building imperative for businesses. While Keycloak offers robust features for user authentication and authorization, many organizations struggle with the intricate dance of ongoing compliance throughout the user lifecycle. This talk unveils a different than usual approach: a composition of custom Keycloak authenticators that seamlessly integrate policy acceptance into your login flows.

Imagine a world where users effortlessly review and accept client-specific policies before gaining access, all within the familiar Keycloak IDP context. We'll dive deep into the code, demonstrating how to retrieve policies dynamically, present them to users, and gracefully handle acceptance or rejection. This isn't just about ticking compliance boxes; it's about creating a user-friendly, legally sound, and auditable process that respects both your users and regulators.

Discover how this custom solution not only ensures GDPR compliance but also enhances user trust and streamlines your data protection strategy. Whether you're a developer, architect, or compliance officer, you'll walk away with practical insights to elevate your Keycloak implementation and turn GDPR challenges into opportunities for excellence.

The Event Sorcerer with the Keycloak: The Battle against Dynamic Configuration

In the evolving realm of Identity and Access Management (IAM), only the most skilled (event) sorcerers can harness the true power of "the Keycloak". Continue the epic journey we embarked on in the "IAM Doomsday Prepper: Surviving the Apocalypse with Keycloak" session and delve into the art of dynamic, replayable configuration through the power of event sourcing.

Discover how to extend static configurations with sets of dynamic event driven configuration, making your IAM projects resilient against change and highly adaptable. Learn the secrets of coding, versioning, and replaying configurations, ensuring your Keycloak setup is robust, future-proof and, most of all, dynamic.

Join us for a session that blends technical mastery with the lore of IAM, equipping you with the knowledge to wield dynamic configuration like a true sorcerer. By the end, your Keycloak projects will be fortified, ready to face any IAM challenge ahead.

IAM Doomsday Prepper: Surviving the Apocalypse with Keycloak

Abstract:
In the ever-evolving landscape of Identity and Access Management (IAM), it's crucial for organizations to stay prepared and adaptable. While Keycloak has become a popular open-source IAM solution, many projects still rely on UI-based configurations or JSON imports, leaving them vulnerable to human error, scalability issues, and time-consuming maintenance.

This talk will introduce attendees to the concept of configuration as code in Keycloak, focusing on the Keycloak Java Admin Client as a powerful tool for future-proofing IAM systems. By embracing configuration as code, organizations can increase security, reduce errors, and streamline the management of their IAM infrastructure.

Key Takeaways:
- Understand the limitations of UI-based configurations and JSON imports in Keycloak, and why they can be a recipe for disaster.
- Learn how the principles of configuration as code can be applied to Keycloak using the Java Admin Client for enhanced IAM management.
- Discover best practices for implementing configuration as code in Keycloak, including version control, collaboration, and automated testing.
- Gain insights into real-world examples of successful configuration as code implementations in Keycloak, and the benefits they've brought to organizations.

By the end of this talk, attendees will be armed with the knowledge and tools needed to transform their Keycloak projects from ticking time bombs to robust, resilient, and easily maintainable IAM solutions, ensuring they're prepared for any challenges that lie ahead.

Duration: 45-55 minutes

"Clean Hexagonal Onion" with a Dash of DDD in Spring

Unlock the potential of your Spring Boot applications with the powerful 'Clean Hexagonal Onion' architecture pattern. By blending the most effective strategies from Ports & Adapters, Onion Architecture, and Clean Architecture, you'll learn to create resilient, highly adaptable systems that expertly separate concerns and maximize the value of Domain-Driven Design.

We'll tackle advanced topics like CQRS in REST Controllers, effective domain modelling, the strategic use of domain services, decoupling techniques, entity mapping, and creating an Anti Corruption Layer. Plus, we'll explore the mainstream best practices for Domain Events in Spring.

Whether you're looking to optimize existing applications or planning your next big project, join us and take your Spring Boot skills to new heights!

First Public Delivery: JavaLand 2023, Germany

Prerequisite knowledge
- Java
- Docker
- Spring
- basic knowledge in Domain-Driven Design
- SOLID
- Clean Architecture Pattern
- Hexagonal Architecture Pattern
- Onion Architecture Pattern

Participants are required to:
- Bring their own laptop
- Ideally have Docker Desktop installed
- min JDK 11, preferably 17 installed
- Preferably an IDE installed and setup

The Agentic Shift Workshop: From isolated Prompting to Autonomous Software Factories

AI agents promise to write your code, ship your features, and close your tickets before standup. In practice? They hallucinate files that don't exist, refactor things you never asked them to touch, and confidently break your build while telling you everything looks great.

It's time for an intervention.

In this workshop, we'll explore the full spectrum of agentic software development. From overly cautious agents that won't act without hand-holding to reckless ones that rewrite your entire architecture on a whim.
You'll learn where the levers are and how to pull them without everything catching fire. We start at the foundation: context engineering. What an agent knows determines what it does, and what it forgets (context rot) determines what it destroys. Get this wrong and nothing else matters.

Once the agent sees clearly, you need it to behave. That's where skills, instructions, and hooks come in. Repeatable workflows, hard boundaries, and audit points that let you intercept before damage is done.

Then we go structural. The Agent OS workflow introduces spec-driven development: structured feature specs that turn vague intent into verifiable, shippable work. No more hoping the agent guesses right.

By the end, you'll be crafting custom commands and skills tailored to your codebase, your conventions, your way of working, until the agent does exactly what you tell it. Every time. You'll leave with working code, battle-tested configurations, and the confidence that when you say "ship it," it actually ships what you meant.

Who should attend: Developers and technical leads who've used AI coding agents in real projects and are tired of babysitting them. Bring a laptop.

The Agentic Shift: From isolated Prompting to Autonomous Software Factories

You walk in, make your first coffee of the morning, and there it is: a pull request, ready for review. While you slept, your agentic software factory detected a performance regression from production traces, figured out what caused it, and shipped a fix. Bug report, tests, release candidate: all done. All that's left is to hit approve.

This is where agentic software development is heading. Parts of it are already here. But most teams aren't anywhere close. They're still copy-pasting ChatGPT output into their IDE and babysitting agents through tasks that should be trivial. And when the hallucinated code passes review and breaks in production, they're the ones debugging it.

The models are good enough. The problem is everything around them.

We'll start where most teams stumble and build toward a fully integrated agentic software factory. At each step, we add one capability and take one more thing off your plate. Context engineering so agents stop forgetting what matters mid-task. LSP so they understand code structure instead of pattern-matching against text. MCP so they connect to your observability stack, issue tracker, and deployment pipeline. Skills and hooks so one-off prompts become repeatable, auditable workflows. And spec-driven development so intent maps to verifiable output.

We'll cover the patterns that work and the ones that waste your sprint. And we'll glimpse what comes after: agents that collaborate, review, and ship on their own. They still need your sign-off, but they stop needing your attention every five minutes.

Monday morning, you'll open your laptop with a plan: which layer to add first, what to stop doing by hand, and how close your team actually is to that morning coffee PR.

Who should attend: Developers and engineering leads who are done treating AI as fancy autocomplete and want to build agentic workflows that keep running after they close their laptop.