Authentication & OIDC Integration
Keycloak stores users and verifies passwords in Enterprise editions. vsay-auth calls Keycloak to verify credentials, then issues its own signed JWT (HS256). All clients use vsay-auth's JWT — not a Keycloak OIDC token.
Organization Management
WebXTerm is built on a multi-tenant architecture where each organization operates independently with its own users, machines, and configurations.