We've been trying to use Keycloak to protect API services provided by financial institutions. Under governmental regulation (e.g. Payment Service Directive (PSD2) in Europe), a high level of security is required for the financial sector. One of the most promising security standards for financial API services is the Financial API (FAPI) of the OpenID Foundation. This is still an implementer’s draft, but banking API systems compliant with FAPI are being implemented in some countries.
We've investigated Keycloak and found that Keycloak does not meet some of the FAPI Security Profile requirements. We've been engaged in realizing them in Keycloak, but have had a lot of work. Is there someone who is interested in it?