{"id":3687,"date":"2026-04-20T13:34:00","date_gmt":"2026-04-20T13:34:00","guid":{"rendered":"https:\/\/www.captcha.eu\/?p=3687"},"modified":"2026-04-20T14:02:45","modified_gmt":"2026-04-20T14:02:45","slug":"keycloak-recaptcha-alternative","status":"publish","type":"post","link":"https:\/\/www.captcha.eu\/de\/keycloak-recaptcha-alternative\/","title":{"rendered":"Keycloak reCAPTCHA Alternative f\u00fcr europ\u00e4ische Teams (2026)"},"content":{"rendered":"\n<figure class=\"wp-block-image size-large is-resized\"><img data-dominant-color=\"d8e5f3\" data-has-transparency=\"false\" loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" src=\"https:\/\/www.captcha.eu\/wp-content\/uploads\/2026\/04\/Captcha.eu-5-1024x576.jpg\" alt=\"Keycloak reCAPTCHA alternative illustration for European teams, showing an \u201cI\u2019m not a robot\u201d checkbox replaced by a .eu user verification system with a security shield, EU flag, and European country icons.\" class=\"wp-image-3690 not-transparent\" style=\"--dominant-color: #d8e5f3; width:1200px;height:auto\" srcset=\"https:\/\/www.captcha.eu\/wp-content\/uploads\/2026\/04\/Captcha.eu-5-1024x576.jpg 1024w, https:\/\/www.captcha.eu\/wp-content\/uploads\/2026\/04\/Captcha.eu-5-300x169.jpg 300w, https:\/\/www.captcha.eu\/wp-content\/uploads\/2026\/04\/Captcha.eu-5-768x432.jpg 768w, https:\/\/www.captcha.eu\/wp-content\/uploads\/2026\/04\/Captcha.eu-5-1536x864.jpg 1536w, https:\/\/www.captcha.eu\/wp-content\/uploads\/2026\/04\/Captcha.eu-5-18x10.jpg 18w, https:\/\/www.captcha.eu\/wp-content\/uploads\/2026\/04\/Captcha.eu-5.jpg 1920w\" \/><figcaption class=\"wp-element-caption\">captcha.eu<\/figcaption><\/figure>\n\n\n\n<p>Keycloak ships with reCAPTCHA built into its registration flow. For European organisations, that default creates cookies, US data transfers, and a privacy documentation burden on the three flows that matter most: login, registration and password reset. This guide explains how to replace reCAPTCHA in Keycloak with a cookieless, EU-hosted alternative and walks through the exact configuration for each authentication flow.<\/p>\n\n\n\n<p class=\"wp-block-yoast-seo-estimated-reading-time yoast-reading-time__wrapper\"><span class=\"yoast-reading-time__icon\"><svg aria-hidden=\"true\" focusable=\"false\" data-icon=\"clock\" width=\"20\" height=\"20\" fill=\"none\" stroke=\"currentColor\" style=\"display:inline-block;vertical-align:-0.1em\" role=\"img\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewBox=\"0 0 24 24\"><path stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\" d=\"M12 8v4l3 3m6-3a9 9 0 11-18 0 9 9 0 0118 0z\"><\/path><\/svg><\/span><span class=\"yoast-reading-time__spacer\" style=\"display:inline-block;width:1em\"><\/span><span class=\"yoast-reading-time__descriptive-text\">Estimated reading time: <\/span><span class=\"yoast-reading-time__reading-time\">14<\/span><span class=\"yoast-reading-time__time-unit\"> minutes<\/span><\/p>\n\n\n\n<div class=\"wp-block-buttons is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button is-style-fill\"><a class=\"wp-block-button__link has-input-field-color has-primary-background-color has-text-color has-background has-link-color has-border-color has-border-border-color wp-element-button\" href=\"https:\/\/www.captcha.eu\/login\" style=\"border-width:1px\">Try CAPTCHA.eu free &#8211; no credit card<\/a><\/div>\n\n\n\n<div class=\"wp-block-button is-style-fill\"><a class=\"wp-block-button__link has-sky-blue-color has-background-background-color has-text-color has-background has-link-color has-border-color has-border-border-color wp-element-button\" href=\"https:\/\/docs.captcha.eu\/\" style=\"border-width:1px\">View all integrations<\/a><\/div>\n<\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading has-text-color has-link-color has-large-font-size wp-elements-a4a169f93391bf0001cecbcece27a91c\" id=\"h-at-a-glance\" style=\"color:#2b7ca4\">At a Glance<\/h2>\n\n\n\n<div class=\"wp-block-premium-container premium-container-037318b43fa8  alignfull premium-is-root-container\"><div class=\"premium-container-inner-blocks-wrap\">\n<div class=\"wp-block-essential-blocks-infobox  root-eb-infobox-6648h\"><div class=\"eb-parent-wrapper eb-parent-eb-infobox-6648h \"><div class=\"eb-infobox-6648h eb-infobox-wrapper\"><div class=\"infobox-wrapper-inner\"><div class=\"contents-wrapper\"><h3 class=\"title\"><strong><strong>The core problem<\/strong><\/strong><\/h3><p class=\"description\">Keycloak&#8217;s built-in reCAPTCHA sets the _grecaptcha cookie, routes verification through Google infrastructure, and creates ePrivacy consent questions on your most sensitive authentication flows.<\/p><\/div><\/div><\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-essential-blocks-infobox  root-eb-infobox-8tstg\"><div class=\"eb-parent-wrapper eb-parent-eb-infobox-8tstg \"><div class=\"eb-infobox-8tstg eb-infobox-wrapper\"><div class=\"infobox-wrapper-inner\"><div class=\"contents-wrapper\"><h3 class=\"title\"><strong><strong><strong><strong><strong>Why auth flows are different<\/strong><\/strong><\/strong><\/strong><\/strong><\/h3><p class=\"description\">Login, registration, and password reset are pages users must complete before they can access anything. Third-party dependencies here carry more compliance and security weight than on a standard contact form.<\/p><\/div><\/div><\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-essential-blocks-infobox  root-eb-infobox-9j9e7\"><div class=\"eb-parent-wrapper eb-parent-eb-infobox-9j9e7 \"><div class=\"eb-infobox-9j9e7 eb-infobox-wrapper\"><div class=\"infobox-wrapper-inner\"><div class=\"contents-wrapper\"><h3 class=\"title\"><strong><strong><strong><strong>The practical fix<\/strong><\/strong><\/strong><\/strong><\/h3><p class=\"description\">A proof-of-work CAPTCHA plugin installed as a JAR: no cookies, no US transfers, no cookie-consent layer for the CAPTCHA itself, with a much simpler third-party review profile, and configurable per Keycloak flow in under an hour.<\/p><\/div><\/div><\/div><\/div><\/div>\n<\/div><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<div class=\"root-eb-toc-mvnk2 wp-block-essential-blocks-table-of-contents\"><div class=\"eb-parent-wrapper eb-parent-eb-toc-mvnk2 \"><div class=\"eb-toc-container eb-toc-mvnk2  eb-toc-is-not-sticky eb-toc-collapsible eb-toc-initially-not-collapsed eb-toc-scrollToTop style-1 list-style-none\" data-scroll-top=\"false\" data-scroll-top-icon=\"fas fa-angle-up\" data-collapsible=\"true\" data-sticky-hide-mobile=\"false\" data-sticky=\"false\" data-scroll-target=\"scroll_to_toc\" data-copy-link=\"false\" data-editor-type=\"\" data-hide-desktop=\"false\" data-hide-tab=\"false\" data-hide-mobile=\"false\" data-itemCollapsed=\"false\" data-highlight-scroll=\"false\"><div class=\"eb-toc-header\"><h2 class=\"eb-toc-title\">What this guide covers<\/h2><\/div><div class=\"eb-toc-wrapper \" data-headers=\"[{&quot;level&quot;:2,&quot;content&quot;:&quot;At a Glance&quot;,&quot;text&quot;:&quot;At a Glance&quot;,&quot;link&quot;:&quot;at-a-glance&quot;},{&quot;level&quot;:2,&quot;content&quot;:&quot;Why reCAPTCHA creates specific problems in Keycloak&quot;,&quot;text&quot;:&quot;Why reCAPTCHA creates specific problems in Keycloak&quot;,&quot;link&quot;:&quot;why-recaptcha-creates-specific-problems-in-keycloak&quot;},{&quot;level&quot;:2,&quot;content&quot;:&quot;Keycloak CAPTCHA alternatives compared&quot;,&quot;text&quot;:&quot;Keycloak CAPTCHA alternatives compared&quot;,&quot;link&quot;:&quot;keycloak-captcha-alternatives-compared&quot;},{&quot;level&quot;:2,&quot;content&quot;:&quot;The three flows to protect&quot;,&quot;text&quot;:&quot;The three flows to protect&quot;,&quot;link&quot;:&quot;the-three-flows-to-protect&quot;},{&quot;level&quot;:2,&quot;content&quot;:&quot;Which Keycloak version are you running?&quot;,&quot;text&quot;:&quot;Which Keycloak version are you running?&quot;,&quot;link&quot;:&quot;which-keycloak-version-are-you-running&quot;},{&quot;level&quot;:2,&quot;content&quot;:&quot;Installation: adding the CAPTCHA.eu plugin to Keycloak&quot;,&quot;text&quot;:&quot;Installation: adding the CAPTCHA.eu plugin to Keycloak&quot;,&quot;link&quot;:&quot;installation-adding-the-captchaeu-plugin-to-keycloak&quot;},{&quot;level&quot;:2,&quot;content&quot;:&quot;Configure the browser login flow&quot;,&quot;text&quot;:&quot;Configure the browser login flow&quot;,&quot;link&quot;:&quot;configure-the-browser-login-flow&quot;},{&quot;level&quot;:2,&quot;content&quot;:&quot;Configure the registration flow&quot;,&quot;text&quot;:&quot;Configure the registration flow&quot;,&quot;link&quot;:&quot;configure-the-registration-flow&quot;},{&quot;level&quot;:2,&quot;content&quot;:&quot;Configure the password reset flow&quot;,&quot;text&quot;:&quot;Configure the password reset flow&quot;,&quot;link&quot;:&quot;configure-the-password-reset-flow&quot;},{&quot;level&quot;:2,&quot;content&quot;:&quot;Protect Keycloak login, registration and password reset&quot;,&quot;text&quot;:&quot;Protect Keycloak login, registration and password reset&quot;,&quot;link&quot;:&quot;protect-keycloak-login-registration-and-password-reset&quot;},{&quot;level&quot;:2,&quot;content&quot;:&quot;Deployment notes: Docker, Kubernetes, and Red Hat SSO&quot;,&quot;text&quot;:&quot;Deployment notes: Docker, Kubernetes, and Red Hat SSO&quot;,&quot;link&quot;:&quot;deployment-notes-docker-kubernetes-and-red-hat-sso&quot;},{&quot;level&quot;:2,&quot;content&quot;:&quot;How to verify the migration worked&quot;,&quot;text&quot;:&quot;How to verify the migration worked&quot;,&quot;link&quot;:&quot;how-to-verify-the-migration-worked&quot;},{&quot;level&quot;:2,&quot;content&quot;:&quot;GDPR checklist after switching&quot;,&quot;text&quot;:&quot;GDPR checklist after switching&quot;,&quot;link&quot;:&quot;gdpr-checklist-after-switching&quot;},{&quot;level&quot;:2,&quot;content&quot;:&quot;Frequently Asked Questions&quot;,&quot;text&quot;:&quot;Frequently Asked Questions&quot;,&quot;link&quot;:&quot;frequently-asked-questions&quot;},{&quot;level&quot;:2,&quot;content&quot;:&quot;Related reading&quot;,&quot;text&quot;:&quot;Related reading&quot;,&quot;link&quot;:&quot;related-reading&quot;},{&quot;level&quot;:2,&quot;content&quot;:&quot;Try the European alternative built for privacy-first deployments&quot;,&quot;text&quot;:&quot;Try the European alternative built for privacy-first deployments&quot;,&quot;link&quot;:&quot;try-the-european-alternative-built-for-privacy-first-deployments&quot;}]\" data-visible=\"[true,true,false,false,false,false]\" data-delete-headers=\"[{&quot;label&quot;:&quot;At a Glance&quot;,&quot;value&quot;:&quot;at-a-glance&quot;,&quot;isDelete&quot;:true},{&quot;label&quot;:&quot;Why reCAPTCHA creates specific problems in Keycloak&quot;,&quot;value&quot;:&quot;why-recaptcha-creates-specific-problems-in-keycloak&quot;,&quot;isDelete&quot;:false},{&quot;label&quot;:&quot;Keycloak CAPTCHA alternatives compared&quot;,&quot;value&quot;:&quot;keycloak-captcha-alternatives-compared&quot;,&quot;isDelete&quot;:false},{&quot;label&quot;:&quot;The three flows to protect&quot;,&quot;value&quot;:&quot;the-three-flows-to-protect&quot;,&quot;isDelete&quot;:false},{&quot;label&quot;:&quot;Which Keycloak version are you running?&quot;,&quot;value&quot;:&quot;which-keycloak-version-are-you-running&quot;,&quot;isDelete&quot;:false},{&quot;label&quot;:&quot;Installation: adding the CAPTCHA.eu plugin to Keycloak&quot;,&quot;value&quot;:&quot;installation-adding-the-captchaeu-plugin-to-keycloak&quot;,&quot;isDelete&quot;:false},{&quot;label&quot;:&quot;Configure the browser login flow&quot;,&quot;value&quot;:&quot;configure-the-browser-login-flow&quot;,&quot;isDelete&quot;:false},{&quot;label&quot;:&quot;Configure the registration flow&quot;,&quot;value&quot;:&quot;configure-the-registration-flow&quot;,&quot;isDelete&quot;:false},{&quot;label&quot;:&quot;Configure the password reset flow&quot;,&quot;value&quot;:&quot;configure-the-password-reset-flow&quot;,&quot;isDelete&quot;:false},{&quot;label&quot;:&quot;Protect Keycloak login, registration and password reset&quot;,&quot;value&quot;:&quot;protect-keycloak-login-registration-and-password-reset&quot;,&quot;isDelete&quot;:true},{&quot;label&quot;:&quot;Deployment notes: Docker, Kubernetes, and Red Hat SSO&quot;,&quot;value&quot;:&quot;deployment-notes-docker-kubernetes-and-red-hat-sso&quot;,&quot;isDelete&quot;:false},{&quot;label&quot;:&quot;How to verify the migration worked&quot;,&quot;value&quot;:&quot;how-to-verify-the-migration-worked&quot;,&quot;isDelete&quot;:false},{&quot;label&quot;:&quot;GDPR checklist after switching&quot;,&quot;value&quot;:&quot;gdpr-checklist-after-switching&quot;,&quot;isDelete&quot;:false},{&quot;label&quot;:&quot;Frequently Asked Questions&quot;,&quot;value&quot;:&quot;frequently-asked-questions&quot;,&quot;isDelete&quot;:false},{&quot;label&quot;:&quot;Related reading&quot;,&quot;value&quot;:&quot;related-reading&quot;,&quot;isDelete&quot;:true},{&quot;label&quot;:&quot;Try the European alternative built for privacy-first deployments&quot;,&quot;value&quot;:&quot;try-the-european-alternative-built-for-privacy-first-deployments&quot;,&quot;isDelete&quot;:true}]\" data-smooth=\"true\" data-top-offset=\"\"><div class=\"eb-toc__list-wrap\"><ul class='eb-toc__list'><li><a href=\"#why-recaptcha-creates-specific-problems-in-keycloak\">Why reCAPTCHA creates specific problems in Keycloak<\/a><li><a href=\"#keycloak-captcha-alternatives-compared\">Keycloak CAPTCHA alternatives compared<\/a><li><a href=\"#the-three-flows-to-protect\">The three flows to protect<\/a><li><a href=\"#which-keycloak-version-are-you-running\">Which Keycloak version are you running?<\/a><li><a href=\"#installation-adding-the-captchaeu-plugin-to-keycloak\">Installation: adding the CAPTCHA.eu plugin to Keycloak<\/a><li><a href=\"#configure-the-browser-login-flow\">Configure the browser login flow<\/a><li><a href=\"#configure-the-registration-flow\">Configure the registration flow<\/a><li><a href=\"#configure-the-password-reset-flow\">Configure the password reset flow<\/a><li><a href=\"#deployment-notes-docker-kubernetes-and-red-hat-sso\">Deployment notes: Docker, Kubernetes, and Red Hat SSO<\/a><li><a href=\"#how-to-verify-the-migration-worked\">How to verify the migration worked<\/a><li><a href=\"#gdpr-checklist-after-switching\">GDPR checklist after switching<\/a><li><a href=\"#frequently-asked-questions\">Frequently Asked Questions<\/a><\/ul><\/div><\/div><\/div><\/div><\/div>\n\n\n<div class=\"wp-block-essential-blocks-infobox  root-eb-infobox-z1idl\"><div class=\"eb-parent-wrapper eb-parent-eb-infobox-z1idl \"><div class=\"eb-infobox-z1idl eb-infobox-wrapper\"><div class=\"infobox-wrapper-inner\"><div class=\"contents-wrapper\"><h3 class=\"title\"><strong>Who this guide is for<\/strong><\/h3><p class=\"description\">This article is written for IAM admins, security teams, platform engineers and public-sector or regulated organisations that run Keycloak in production and need a practical replacement path for reCAPTCHA across login, registration, and password reset flows.<\/p><\/div><\/div><\/div><\/div><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading has-text-color has-link-color has-large-font-size wp-elements-0cc0c10e475a291ce52f592c876ac1e7\" id=\"h-why-recaptcha-creates-specific-problems-in-keycloak\" style=\"color:#2b7ca4\">Why reCAPTCHA creates specific problems in Keycloak<\/h2>\n\n\n\n<p>Most reCAPTCHA discussions focus on contact forms. Keycloak is a different situation entirely. It is an identity and access management system: the layer that controls who can log in, create an account, or recover a password across your applications. That means reCAPTCHA here sits on authentication flows, not marketing pages.<\/p>\n\n\n\n<p>For European organisations running Keycloak in production, this creates three issues that are more serious than on a typical website form.<\/p>\n\n\n\n<p><strong>Enterprise and public-sector Keycloak deployments attract the strictest reviews.<\/strong>&nbsp;DPOs, procurement committees, and security architects ask harder questions about third-party scripts on authentication pages than on any other part of a website. A CAPTCHA that introduces no cookies, no US data routing, and a much simpler third-party review profile is structurally easier to defend, and faster to approve.<\/p>\n\n\n\n<p><strong>The&nbsp;_grecaptcha cookie runs on authentication pages.<\/strong>&nbsp;Google confirmed this cookie persists after the April 2026 processor model change. On a login page that employees or customers must complete before they can access any service, they cannot meaningfully opt out of a cookie that protects the very flow they need to use. This is harder to resolve than the same cookie on a contact form.<\/p>\n\n\n\n<p><strong>Verification routes through Google infrastructure.<\/strong>&nbsp;For organisations in regulated sectors such as healthcare, finance, or the public sector, processing personal data via US infrastructure requires active transfer documentation under GDPR. On an authentication system that handles credentials, this adds governance overhead that security and compliance teams would rather avoid entirely.<\/p>\n\n\n\n<div class=\"wp-block-essential-blocks-infobox  root-eb-infobox-1ofse\"><div class=\"eb-parent-wrapper eb-parent-eb-infobox-1ofse \"><div class=\"eb-infobox-1ofse eb-infobox-wrapper\"><div class=\"infobox-wrapper-inner\"><div class=\"contents-wrapper\"><h3 class=\"title\">Authentication pages carry a higher security standard<\/h3><p class=\"description\">Unlike a contact form, authentication flows handle credentials and session tokens. When a third-party CAPTCHA service runs on the same page, it shares the browser context with those flows. For regulated-sector Keycloak deployments, this goes beyond the standard cookie-consent question and into security architecture review territory.<\/p><\/div><\/div><\/div><\/div><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading has-text-color has-link-color has-large-font-size wp-elements-50552fc8c194fafc165bf6bb06896ba2\" id=\"h-keycloak-captcha-alternatives-compared\" style=\"color:#2b7ca4\">Keycloak CAPTCHA alternatives compared<\/h2>\n\n\n\n<p>Several CAPTCHA providers offer Keycloak plugins, but the market is much more constrained here than for WordPress or TYPO3. Most community extensions break on Keycloak major version upgrades and receive limited maintenance. The Keycloak CAPTCHA ecosystem is much smaller than the WordPress or TYPO3 ecosystem. In practice, most teams evaluating a modern Keycloak CAPTCHA layer look at CAPTCHA.eu, Friendly Captcha, legacy reCAPTCHA, and a small number of community-maintained options such as ALTCHA or hCaptcha integrations.<\/p>\n\n\n\n<figure class=\"wp-block-riovizual-tablebuilder is-style-regular rv_tb-70fb8887-2442-4fdd-8255-68d7f6c3ac23 is-scroll-on-mobile\" rv-tb-responsive-breakpoint=\"768px\"><table class=\"\"><tbody><tr><th class=\"rv_tb-cell rv_tb-row-0-cell-0 rv_tb-rs-row-0-cell-0 rv_tb-cs-row-0-cell-0\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\"><strong>SOLUTION<\/strong><\/div><\/div><\/div><\/th><th class=\"rv_tb-cell rv_tb-row-0-cell-1 rv_tb-rs-row-0-cell-1 rv_tb-cs-row-0-cell-1\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\">COOKIES<\/div><\/div><\/div><\/th><th class=\"rv_tb-cell rv_tb-row-0-cell-2 rv_tb-rs-row-0-cell-2 rv_tb-cs-row-0-cell-2\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\">DATA LOCATION<\/div><\/div><\/div><\/th><th class=\"rv_tb-cell rv_tb-row-0-cell-3 rv_tb-rs-row-0-cell-3 rv_tb-cs-row-0-cell-3\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\">FLOWS COVERED<\/div><\/div><\/div><\/th><th class=\"rv_tb-cell rv_tb-row-0-cell-4 rv_tb-rs-row-0-cell-4 rv_tb-cs-row-0-cell-4\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\">PLUGIN TYPE<\/div><\/div><\/div><\/th><th class=\"rv_tb-cell rv_tb-row-0-cell-5 rv_tb-rs-row-0-cell-5 rv_tb-cs-row-0-cell-5\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\">VERSION REQUIREMENT<\/div><\/div><\/div><\/th><\/tr><tr><td class=\"rv_tb-cell rv_tb-row-1-cell-0 rv_tb-rs-row-1-cell-0 rv_tb-cs-row-1-cell-0\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\"><strong>CAPTCHA.eu<\/strong><\/div><\/div><\/div><\/td><td class=\"rv_tb-cell rv_tb-row-1-cell-1 rv_tb-rs-row-1-cell-1 rv_tb-cs-row-1-cell-1\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\">No<\/div><\/div><\/div><\/td><td class=\"rv_tb-cell rv_tb-row-1-cell-2 rv_tb-rs-row-1-cell-2 rv_tb-cs-row-1-cell-2\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\">Austria (EU)<\/div><\/div><\/div><\/td><td class=\"rv_tb-cell rv_tb-row-1-cell-3 rv_tb-rs-row-1-cell-3 rv_tb-cs-row-1-cell-3\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\">Login, Registration, Password Reset<\/div><\/div><\/div><\/td><td class=\"rv_tb-cell rv_tb-row-1-cell-4 rv_tb-rs-row-1-cell-4 rv_tb-cs-row-1-cell-4\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\">Official JAR<\/div><\/div><\/div><\/td><td class=\"rv_tb-cell rv_tb-row-1-cell-5 rv_tb-rs-row-1-cell-5 rv_tb-cs-row-1-cell-5\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\">Keycloak 22.0.3+<\/div><\/div><\/div><\/td><\/tr><tr><td class=\"rv_tb-cell rv_tb-row-2-cell-0 rv_tb-rs-row-2-cell-0 rv_tb-cs-row-2-cell-0\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\"><strong>Friendly Captcha<\/strong><\/div><\/div><\/div><\/td><td class=\"rv_tb-cell rv_tb-row-2-cell-1 rv_tb-rs-row-2-cell-1 rv_tb-cs-row-2-cell-1\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\">No<\/div><\/div><\/div><\/td><td class=\"rv_tb-cell rv_tb-row-2-cell-2 rv_tb-rs-row-2-cell-2 rv_tb-cs-row-2-cell-2\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\">Dedicated EU-only endpoint from Advanced plan. Lower tiers may use global infrastructure.<\/div><\/div><\/div><\/td><td class=\"rv_tb-cell rv_tb-row-2-cell-3 rv_tb-rs-row-2-cell-3 rv_tb-cs-row-2-cell-3\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\">Login, Registration, Password Reset<\/div><\/div><\/div><\/td><td class=\"rv_tb-cell rv_tb-row-2-cell-4 rv_tb-rs-row-2-cell-4 rv_tb-cs-row-2-cell-4\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\">Official plugin<\/div><\/div><\/div><\/td><td class=\"rv_tb-cell rv_tb-row-2-cell-5 rv_tb-rs-row-2-cell-5 rv_tb-cs-row-2-cell-5\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\">Keycloak 26.1.0+ and Java 17+ required<\/div><\/div><\/div><\/td><\/tr><tr><td class=\"rv_tb-cell rv_tb-row-3-cell-0 rv_tb-rs-row-3-cell-0 rv_tb-cs-row-3-cell-0\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\"><strong>hCaptcha<\/strong><\/div><\/div><\/div><\/td><td class=\"rv_tb-cell rv_tb-row-3-cell-1 rv_tb-rs-row-3-cell-1 rv_tb-cs-row-3-cell-1\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\">Yes<\/div><\/div><\/div><\/td><td class=\"rv_tb-cell rv_tb-row-3-cell-2 rv_tb-rs-row-3-cell-2 rv_tb-cs-row-3-cell-2\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\">US-based<\/div><\/div><\/div><\/td><td class=\"rv_tb-cell rv_tb-row-3-cell-3 rv_tb-rs-row-3-cell-3 rv_tb-cs-row-3-cell-3\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\">Registration only<\/div><\/div><\/div><\/td><td class=\"rv_tb-cell rv_tb-row-3-cell-4 rv_tb-rs-row-3-cell-4 rv_tb-cs-row-3-cell-4\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\">Community JAR<\/div><\/div><\/div><\/td><td class=\"rv_tb-cell rv_tb-row-3-cell-5 rv_tb-rs-row-3-cell-5 rv_tb-cs-row-3-cell-5\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\">Limited maintenance<\/div><\/div><\/div><\/td><\/tr><tr><td class=\"rv_tb-cell rv_tb-row-4-cell-0 rv_tb-rs-row-4-cell-0 rv_tb-cs-row-4-cell-0\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\"><strong>ALTCHA<\/strong><\/div><\/div><\/div><\/td><td class=\"rv_tb-cell rv_tb-row-4-cell-1 rv_tb-rs-row-4-cell-1 rv_tb-cs-row-4-cell-1\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\">No<\/div><\/div><\/div><\/td><td class=\"rv_tb-cell rv_tb-row-4-cell-2 rv_tb-rs-row-4-cell-2 rv_tb-cs-row-4-cell-2\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\">Your own infrastructure<\/div><\/div><\/div><\/td><td class=\"rv_tb-cell rv_tb-row-4-cell-3 rv_tb-rs-row-4-cell-3 rv_tb-cs-row-4-cell-3\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\">Registration only<\/div><\/div><\/div><\/td><td class=\"rv_tb-cell rv_tb-row-4-cell-4 rv_tb-rs-row-4-cell-4 rv_tb-cs-row-4-cell-4\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\">Community JAR<\/div><\/div><\/div><\/td><td class=\"rv_tb-cell rv_tb-row-4-cell-5 rv_tb-rs-row-4-cell-5 rv_tb-cs-row-4-cell-5\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\">Self-hosted backend required<\/div><\/div><\/div><\/td><\/tr><tr><td class=\"rv_tb-cell rv_tb-row-5-cell-0 rv_tb-rs-row-5-cell-0 rv_tb-cs-row-5-cell-0\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\"><strong>reCAPTCHA v2<\/strong><\/div><\/div><\/div><\/td><td class=\"rv_tb-cell rv_tb-row-5-cell-1 rv_tb-rs-row-5-cell-1 rv_tb-cs-row-5-cell-1\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\">Yes (_grecaptcha)<\/div><\/div><\/div><\/td><td class=\"rv_tb-cell rv_tb-row-5-cell-2 rv_tb-rs-row-5-cell-2 rv_tb-cs-row-5-cell-2\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\">US-based<\/div><\/div><\/div><\/td><td class=\"rv_tb-cell rv_tb-row-5-cell-3 rv_tb-rs-row-5-cell-3 rv_tb-cs-row-5-cell-3\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\">Registration (built-in only)<\/div><\/div><\/div><\/td><td class=\"rv_tb-cell rv_tb-row-5-cell-4 rv_tb-rs-row-5-cell-4 rv_tb-cs-row-5-cell-4\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\">Built-in<\/div><\/div><\/div><\/td><td class=\"rv_tb-cell rv_tb-row-5-cell-5 rv_tb-rs-row-5-cell-5 rv_tb-cs-row-5-cell-5\"><div class=\"rv_tb-element\"><div class=\"rv_tb-text-wrap rv_justify cell-element-0\"><div class=\"rv_tb-text\">Login and Reset require custom extensions<\/div><\/div><\/div><\/td><\/tr><\/tbody><\/table><figcaption class=\"rv_tb-caption\" rv-tb-caption-position=\"bottom\"><em>This comparison is written by the CAPTCHA.eu team and includes our own product. We aim to characterise all solutions fairly based on current public documentation. Where configuration changes the answer, we say so explicitly. Check current documentations for the latest position.<\/em><\/figcaption><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading has-text-color has-link-color has-large-font-size wp-elements-99afa02a94b4d45f6bcc9b001a6311ab\" id=\"h-the-three-flows-to-protect\" style=\"color:#2b7ca4\">The three flows to protect<\/h2>\n\n\n\n<p>Keycloak organises authentication as configurable flows, which are independent sequences that you modify separately in the Admin Console. Understanding what each flow does helps you decide which ones to protect first and why.<\/p>\n\n\n\n<p>The&nbsp;<strong>browser (login) flow<\/strong>&nbsp;is the standard login page that users see when they access a Keycloak-protected application. It carries the highest traffic volume and is the primary target for credential stuffing and brute-force attacks: automated attempts to access accounts using stolen or guessed credentials at scale.<\/p>\n\n\n\n<p>The&nbsp;<strong>registration flow<\/strong>&nbsp;covers account creation. Without CAPTCHA protection here, bots create fake accounts in bulk, which degrades service quality, skews user analytics, and enables abuse of trial periods, referral programs, or free tiers.<\/p>\n\n\n\n<p>The&nbsp;<strong>reset credentials flow<\/strong>&nbsp;handles password recovery. Attackers target it to trigger recovery emails at scale, overload mail infrastructure, enumerate which usernames exist in the system, or probe for account takeover opportunities. It is the least-discussed of the three and often the last one teams think to protect. Leaving it open while protecting the other two creates a gap.<\/p>\n\n\n\n<p>One important limitation to know upfront: Keycloak&#8217;s built-in reCAPTCHA only protects the registration flow natively. To protect login and password reset with reCAPTCHA, you need custom extensions. CAPTCHA.eu covers all three with the same JAR and follows the same configuration pattern for each, which is one reason teams find the migration straightforward.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading has-text-color has-link-color has-large-font-size wp-elements-9d230c8fe35f1eaca8411676dec7f5ee\" id=\"h-which-keycloak-version-are-you-running\" style=\"color:#2b7ca4\">Which Keycloak version are you running?<\/h2>\n\n\n\n<p>Before you install anything, check your Keycloak version. It affects which alternatives are available to you.<\/p>\n\n\n\n<p>If you run\u00a0Keycloak 26.1.0 or later with Java 17 or later, both CAPTCHA.eu and Friendly Captcha are available. Both offer officially maintained plugins covering all three flows. CAPTCHA.eu also supports Keycloak 22.0.3 and later, which makes it a fit for teams running older installations.<\/p>\n\n\n\n<p>If you run&nbsp;an older Keycloak version&nbsp;(Keycloak 24.x, 25.x, or anything below 26.1.0), Friendly Captcha&#8217;s Keycloak plugin is not compatible. Their plugin explicitly requires Keycloak 26.1.0+ and Java 17+. CAPTCHA.eu supports a broader version range. <\/p>\n\n\n\n<p>If you run&nbsp;Red Hat Build of Keycloak (RHBK)&nbsp;or the older Red Hat SSO product, the version mapping differs from upstream Keycloak. RHBK 24 corresponds roughly to upstream Keycloak 24. Verify against the plugin&#8217;s documented compatibility before rolling out to production.<\/p>\n\n\n\n<div class=\"wp-block-essential-blocks-infobox  root-eb-infobox-kg1w2\"><div class=\"eb-parent-wrapper eb-parent-eb-infobox-kg1w2 \"><div class=\"eb-infobox-kg1w2 eb-infobox-wrapper\"><div class=\"infobox-wrapper-inner\"><div class=\"contents-wrapper\"><h3 class=\"title\">How to check your Keycloak version<\/h3><p class=\"description\">Log in to the Keycloak Admin Console. The version number appears in the bottom-left corner of the admin UI. Alternatively, check the server startup logs or run\u00a0<code>bin\/kc.sh --version<\/code>\u00a0from your Keycloak installation directory.<\/p><\/div><\/div><\/div><\/div><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading has-text-color has-link-color has-large-font-size wp-elements-6d5d1a3a88ff8ea76a31b359435b38d3\" id=\"h-installation-adding-the-captcha-eu-plugin-to-keycloak\" style=\"color:#2b7ca4\">Installation: adding the CAPTCHA.eu plugin to Keycloak<\/h2>\n\n\n\n<p>The installation is a one-time step that applies to all three flows. Once the JAR is in place, you configure each flow separately in the Admin Console.<\/p>\n\n\n\n<div class=\"wp-block-essential-blocks-feature-list  root-eb-feature-list-k22x4\"><div class=\"eb-parent-wrapper eb-parent-eb-feature-list-k22x4 \"><div class=\"eb-feature-list-k22x4 eb-feature-list-wrapper eb-icon-position-left eb-tablet-icon-position-left eb-mobile-icon-position-left eb-feature-list-left\"><ul class=\"eb-feature-list-items circle stacked\"><li class=\"eb-feature-list-item\" data-new-tab=\"false\" data-icon-type=\"icon\" data-icon=\"fas fa-1\" data-icon-color=\"\" data-link=\"\"><div class=\"eb-feature-list-icon-box\"><div class=\"eb-feature-list-icon-inner\"><span class=\"eb-feature-list-icon\" style=\"color:\"><i icon=\"fas fa-1\" class=\"fas fa-1 \"><\/i><\/span><\/div><\/div><div class=\"eb-feature-list-content-box\"><h3 class=\"eb-feature-list-title\">Download and install the JAR<\/h3><p class=\"eb-feature-list-content\">Download the CAPTCHA.eu Keycloak plugin from the plugin page. Copy keycloak-captcha.jar from the target\/ directory into your Keycloak providers\/ folder. Then restart Keycloak to load the new provider.<\/p><\/div><\/li><li class=\"eb-feature-list-item\" data-new-tab=\"false\" data-icon-type=\"icon\" data-icon=\"fas fa-2\" data-icon-color=\"\" data-link=\"\"><div class=\"eb-feature-list-icon-box\"><div class=\"eb-feature-list-icon-inner\"><span class=\"eb-feature-list-icon\" style=\"color:\"><i icon=\"fas fa-2\" class=\"fas fa-2 \"><\/i><\/span><\/div><\/div><div class=\"eb-feature-list-content-box\"><h3 class=\"eb-feature-list-title\">Create your CAPTCHA.eu domain and get your keys<\/h3><p class=\"eb-feature-list-content\">Register at captcha.eu. In the Dashboard, create a domain entry for your Keycloak realm. This generates your Public Key and REST Key, and you will need both when configuring each flow below.<\/p><\/div><\/li><\/ul><\/div><\/div><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading has-text-color has-link-color has-large-font-size wp-elements-e5f2da568c3af5e42d0eea1f4d83ec65\" id=\"h-configure-the-browser-login-flow\" style=\"color:#2b7ca4\">Configure the browser login flow<\/h2>\n\n\n\n<div class=\"wp-block-essential-blocks-feature-list  root-eb-feature-list-x69au\"><div class=\"eb-parent-wrapper eb-parent-eb-feature-list-x69au \"><div class=\"eb-feature-list-x69au eb-feature-list-wrapper eb-icon-position-left eb-tablet-icon-position-left eb-mobile-icon-position-left eb-feature-list-left\"><ul class=\"eb-feature-list-items circle stacked\"><li class=\"eb-feature-list-item\" data-new-tab=\"false\" data-icon-type=\"icon\" data-icon=\"fas fa-1\" data-icon-color=\"\" data-link=\"\"><div class=\"eb-feature-list-icon-box\"><div class=\"eb-feature-list-icon-inner\"><span class=\"eb-feature-list-icon\" style=\"color:\"><i icon=\"fas fa-1\" class=\"fas fa-1 \"><\/i><\/span><\/div><\/div><div class=\"eb-feature-list-content-box\"><h3 class=\"eb-feature-list-title\">Duplicate the browser flow<\/h3><p class=\"eb-feature-list-content\">In the Keycloak Admin Console, go to\nAuthentication\nand select\nbrowser\n. Click\nAction > Duplicate\nto create a working copy. This protects the default flow so you can revert if needed.<\/p><\/div><\/li><li class=\"eb-feature-list-item\" data-new-tab=\"false\" data-icon-type=\"icon\" data-icon=\"fas fa-2\" data-icon-color=\"\" data-link=\"\"><div class=\"eb-feature-list-icon-box\"><div class=\"eb-feature-list-icon-inner\"><span class=\"eb-feature-list-icon\" style=\"color:\"><i icon=\"fas fa-2\" class=\"fas fa-2 \"><\/i><\/span><\/div><\/div><div class=\"eb-feature-list-content-box\"><h3 class=\"eb-feature-list-title\">Remove the default Username Password Form<\/h3><p class=\"eb-feature-list-content\">Delete the\nUsername Password Form\nexecution from the duplicated flow. CAPTCHA.eu replaces this step with its own combined form that includes CAPTCHA verification.<\/p><\/div><\/li><li class=\"eb-feature-list-item\" data-new-tab=\"false\" data-icon-type=\"icon\" data-icon=\"fas fa-3\" data-icon-color=\"\" data-link=\"\"><div class=\"eb-feature-list-icon-box\"><div class=\"eb-feature-list-icon-inner\"><span class=\"eb-feature-list-icon\" style=\"color:\"><i icon=\"fas fa-3\" class=\"fas fa-3 \"><\/i><\/span><\/div><\/div><div class=\"eb-feature-list-content-box\"><h3 class=\"eb-feature-list-title\">Add the CAPTCHA.eu login form<\/h3><p class=\"eb-feature-list-content\">Click\nAdd New Step\ninside the browser forms group. Search for and select\ncaptcha.eu: Username Password Form. Click the settings icon, paste your Public Key and REST Key, and save.<\/p><\/div><\/li><li class=\"eb-feature-list-item\" data-new-tab=\"false\" data-icon-type=\"icon\" data-icon=\"fas fa-4\" data-icon-color=\"\" data-link=\"\"><div class=\"eb-feature-list-icon-box\"><div class=\"eb-feature-list-icon-inner\"><span class=\"eb-feature-list-icon\" style=\"color:\"><i icon=\"fas fa-4\" class=\"fas fa-4 \"><\/i><\/span><\/div><\/div><div class=\"eb-feature-list-content-box\"><h3 class=\"eb-feature-list-title\">Bind the flow<\/h3><p class=\"eb-feature-list-content\">Click\nAction > Bind flow\nand select Browser flow. This activates your modified flow for all logins in this realm.\n\n<\/p><\/div><\/li><li class=\"eb-feature-list-item\" data-new-tab=\"false\" data-icon-type=\"icon\" data-icon=\"fas fa-5\" data-icon-color=\"\" data-link=\"\"><div class=\"eb-feature-list-icon-box\"><div class=\"eb-feature-list-icon-inner\"><span class=\"eb-feature-list-icon\" style=\"color:\"><i icon=\"fas fa-5\" class=\"fas fa-5 \"><\/i><\/span><\/div><\/div><div class=\"eb-feature-list-content-box\"><h3 class=\"eb-feature-list-title\">Add the frontend snippet to login.ftl<\/h3><p class=\"eb-feature-list-content\">Add the following snippet to your Keycloak theme&#8217;s login.ftl file, right after the closing &lt;\/form> tag:<\/p><\/div><\/li><\/ul><\/div><\/div><\/div>\n\n\n\n<pre class=\"wp-block-code has-background-color has-text-color has-background has-link-color wp-elements-f3d0847626e4812e508f80a894ec706b\" style=\"border-top-left-radius:10px;border-top-right-radius:10px;border-bottom-left-radius:10px;border-bottom-right-radius:10px;background-color:#222e50\"><code>&lt;#if captchaEnabled ??&gt;\n  &lt;script&gt;\n    var CaptchaDOMReady = function (callback) {\n      document.readyState === \"interactive\" || document.readyState === \"complete\"\n        ? callback()\n        : document.addEventListener(\"DOMContentLoaded\", callback);\n    };\n    CaptchaDOMReady(function() {\n      KROT.setup(\"${captchaEUPublicKey}\");\n      var f = document.getElementById(\"kc-form-login\");\n      KROT.interceptForm(f);\n    });\n  &lt;\/script&gt;\n&lt;\/#if&gt;<\/code><\/pre>\n\n\n\n<p>If you prefer not to edit your theme manually, use the pre-built theme included in the CAPTCHA.eu extension source at&nbsp;\/theme\/captcha.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading has-text-color has-link-color has-large-font-size wp-elements-06383628674fca9b48a2561e3679c499\" id=\"h-configure-the-registration-flow\" style=\"color:#2b7ca4\">Configure the registration flow<\/h2>\n\n\n\n<div class=\"wp-block-essential-blocks-feature-list  root-eb-feature-list-kfh94\"><div class=\"eb-parent-wrapper eb-parent-eb-feature-list-kfh94 \"><div class=\"eb-feature-list-kfh94 eb-feature-list-wrapper eb-icon-position-left eb-tablet-icon-position-left eb-mobile-icon-position-left eb-feature-list-left\"><ul class=\"eb-feature-list-items circle stacked\"><li class=\"eb-feature-list-item\" data-new-tab=\"false\" data-icon-type=\"icon\" data-icon=\"fas fa-1\" data-icon-color=\"\" data-link=\"\"><div class=\"eb-feature-list-icon-box\"><div class=\"eb-feature-list-icon-inner\"><span class=\"eb-feature-list-icon\" style=\"color:\"><i icon=\"fas fa-1\" class=\"fas fa-1 \"><\/i><\/span><\/div><\/div><div class=\"eb-feature-list-content-box\"><h3 class=\"eb-feature-list-title\">Duplicate the registration flow<\/h3><p class=\"eb-feature-list-content\">Go to Authentication > registration\nand click Action > Duplicate<\/p><\/div><\/li><li class=\"eb-feature-list-item\" data-new-tab=\"false\" data-icon-type=\"icon\" data-icon=\"fas fa-2\" data-icon-color=\"\" data-link=\"\"><div class=\"eb-feature-list-icon-box\"><div class=\"eb-feature-list-icon-inner\"><span class=\"eb-feature-list-icon\" style=\"color:\"><i icon=\"fas fa-2\" class=\"fas fa-2 \"><\/i><\/span><\/div><\/div><div class=\"eb-feature-list-content-box\"><h3 class=\"eb-feature-list-title\">Replace the existing CAPTCHA execution<\/h3><p class=\"eb-feature-list-content\">Delete the\nreCAPTCHA execution if it is present. Then click Add New Step\nand select captcha.eu: Registration. Set its requirement to Required, configure your Public Key and REST Key in the settings and save.<\/p><\/div><\/li><li class=\"eb-feature-list-item\" data-new-tab=\"false\" data-icon-type=\"icon\" data-icon=\"fas fa-3\" data-icon-color=\"\" data-link=\"\"><div class=\"eb-feature-list-icon-box\"><div class=\"eb-feature-list-icon-inner\"><span class=\"eb-feature-list-icon\" style=\"color:\"><i icon=\"fas fa-3\" class=\"fas fa-3 \"><\/i><\/span><\/div><\/div><div class=\"eb-feature-list-content-box\"><h3 class=\"eb-feature-list-title\">Bind the flow and add the frontend snippet<\/h3><p class=\"eb-feature-list-content\">Bind via\nAction > Bind flow > Registration flow. Then add this snippet to register.ftl after the closing &lt;\/form> tag:<\/p><\/div><\/li><\/ul><\/div><\/div><\/div>\n\n\n\n<pre class=\"wp-block-code has-background-color has-text-color has-background has-link-color wp-elements-72e5ec9fdb49cb330d8f8fb9640df557\" style=\"border-top-left-radius:10px;border-top-right-radius:10px;border-bottom-left-radius:10px;border-bottom-right-radius:10px;background-color:#222e50\"><code>&lt;#if captchaEnabled ??&gt;\n  &lt;script&gt;\n    var CaptchaDOMReady = function (callback) {\n      document.readyState === \"interactive\" || document.readyState === \"complete\"\n        ? callback()\n        : document.addEventListener(\"DOMContentLoaded\", callback);\n    };\n    CaptchaDOMReady(function() {\n      KROT.setup(\"${captchaEUPublicKey}\");\n      var f = document.getElementById(\"kc-register-form\");\n      KROT.interceptForm(f);\n    });\n  &lt;\/script&gt;\n&lt;\/#if&gt;<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading has-text-color has-link-color has-large-font-size wp-elements-8950b9eb56658c82a63483eac44548a2\" id=\"h-configure-the-password-reset-flow\" style=\"color:#2b7ca4\">Configure the password reset flow<\/h2>\n\n\n\n<div class=\"wp-block-essential-blocks-feature-list  root-eb-feature-list-8h7px\"><div class=\"eb-parent-wrapper eb-parent-eb-feature-list-8h7px \"><div class=\"eb-feature-list-8h7px eb-feature-list-wrapper eb-icon-position-left eb-tablet-icon-position-left eb-mobile-icon-position-left eb-feature-list-left\"><ul class=\"eb-feature-list-items circle stacked\"><li class=\"eb-feature-list-item\" data-new-tab=\"false\" data-icon-type=\"icon\" data-icon=\"fas fa-1\" data-icon-color=\"\" data-link=\"\"><div class=\"eb-feature-list-icon-box\"><div class=\"eb-feature-list-icon-inner\"><span class=\"eb-feature-list-icon\" style=\"color:\"><i icon=\"fas fa-1\" class=\"fas fa-1 \"><\/i><\/span><\/div><\/div><div class=\"eb-feature-list-content-box\"><h3 class=\"eb-feature-list-title\">Duplicate the reset credentials flow<\/h3><p class=\"eb-feature-list-content\">Go to Authentication > reset credentials and click Action > Duplicate.<\/p><\/div><\/li><li class=\"eb-feature-list-item\" data-new-tab=\"false\" data-icon-type=\"icon\" data-icon=\"fas fa-2\" data-icon-color=\"\" data-link=\"\"><div class=\"eb-feature-list-icon-box\"><div class=\"eb-feature-list-icon-inner\"><span class=\"eb-feature-list-icon\" style=\"color:\"><i icon=\"fas fa-2\" class=\"fas fa-2 \"><\/i><\/span><\/div><\/div><div class=\"eb-feature-list-content-box\"><h3 class=\"eb-feature-list-title\">Replace the Choose User execution<\/h3><p class=\"eb-feature-list-content\">Delete the Choose User execution. Click Add New Step and select captcha.eu: Choose User. Configure your Public Key and REST Key in the settings and save.<\/p><\/div><\/li><li class=\"eb-feature-list-item\" data-new-tab=\"false\" data-icon-type=\"icon\" data-icon=\"fas fa-3\" data-icon-color=\"\" data-link=\"\"><div class=\"eb-feature-list-icon-box\"><div class=\"eb-feature-list-icon-inner\"><span class=\"eb-feature-list-icon\" style=\"color:\"><i icon=\"fas fa-3\" class=\"fas fa-3 \"><\/i><\/span><\/div><\/div><div class=\"eb-feature-list-content-box\"><h3 class=\"eb-feature-list-title\">Bind the flow and add the frontend snippet<\/h3><p class=\"eb-feature-list-content\">Bind via Action > Bind flow > Reset credentials flow. Add this snippet to login-reset-password.ftl after the closing &lt;\/form> tag:<\/p><\/div><\/li><\/ul><\/div><\/div><\/div>\n\n\n\n<pre class=\"wp-block-code has-background-color has-text-color has-background has-link-color wp-elements-82c39ca797c7b8542eac3507ef16f913\" style=\"border-top-left-radius:10px;border-top-right-radius:10px;border-bottom-left-radius:10px;border-bottom-right-radius:10px;background-color:#222e50\"><code>&lt;#if captchaEnabled ??&gt;\n  &lt;script&gt;\n    var CaptchaDOMReady = function (callback) {\n      document.readyState === \"interactive\" || document.readyState === \"complete\"\n        ? callback()\n        : document.addEventListener(\"DOMContentLoaded\", callback);\n    };\n    CaptchaDOMReady(function() {\n      KROT.setup(\"${captchaEUPublicKey}\");\n      var f = document.getElementById(\"kc-reset-password-form\");\n      KROT.interceptForm(f);\n    });\n  &lt;\/script&gt;\n&lt;\/#if&gt;<\/code><\/pre>\n\n\n\n<div class=\"wp-block-group has-vivid-cyan-blue-background-color has-background is-layout-constrained wp-block-group-is-layout-constrained\" style=\"padding-top:2rem;padding-bottom:2rem\">\n<h2 class=\"wp-block-heading has-text-align-center has-background-color has-text-color has-extra-large-font-size\" id=\"h-protect-keycloak-login-registration-and-password-reset\">Protect Keycloak login, registration and password reset<\/h2>\n\n\n\n<p class=\"has-text-align-center has-background-color has-text-color\">Austria-hosted, no cookies, officially maintained plugin covering all three authentication flows. 100 free verifications to start.<\/p>\n\n\n\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-1cfe34db wp-block-buttons-is-layout-flex\" style=\"margin-top:1.8rem\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link has-body-text-color has-background-background-color has-text-color has-background wp-element-button\" href=\"https:\/\/www.captcha.eu\/login\">Start free trial<\/a><\/div>\n\n\n\n<div class=\"wp-block-button is-style-outline is-style-outline--1\"><a class=\"wp-block-button__link has-background-color has-text-color wp-element-button\" href=\"https:\/\/www.captcha.eu\/contact-us\/\">Contact sales<\/a><\/div>\n<\/div>\n<\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading has-text-color has-link-color has-large-font-size wp-elements-24f18ea3d77c0de1b84aa61b7fb004cf\" id=\"h-deployment-notes-docker-kubernetes-and-red-hat-sso\" style=\"color:#2b7ca4\">Deployment notes: Docker, Kubernetes, and Red Hat SSO<br><\/h2>\n\n\n\n<p>How you install the JAR depends on how you run Keycloak. The Admin Console configuration steps are identical in all cases. Only the file placement differs.<\/p>\n\n\n\n<p><strong>Standard installation (bare-metal or VM):<\/strong>&nbsp;Copy&nbsp;keycloak-captcha.jar&nbsp;directly into the&nbsp;providers\/&nbsp;directory of your Keycloak installation and restart. Keycloak picks up the new provider automatically on startup.<\/p>\n\n\n\n<p><strong>Docker:<\/strong>&nbsp;Add the JAR at build time using a&nbsp;COPY&nbsp;instruction in your Dockerfile, or mount it at runtime via a volume. The providers directory inside the container is typically at&nbsp;\/opt\/keycloak\/providers\/. A minimal Dockerfile approach looks like this:<\/p>\n\n\n\n<pre class=\"wp-block-code has-background-color has-text-color has-background has-link-color wp-elements-1a1629336816fad35b2f1838fe840375\" style=\"border-top-left-radius:10px;border-top-right-radius:10px;border-bottom-left-radius:10px;border-bottom-right-radius:10px;background-color:#222e50\"><code>FROM quay.io\/keycloak\/keycloak:latest\nCOPY keycloak-captcha.jar \/opt\/keycloak\/providers\/\nRUN \/opt\/keycloak\/bin\/kc.sh build<\/code><\/pre>\n\n\n\n<p><strong>Kubernetes:<\/strong>&nbsp;Mount the JAR using an&nbsp;initContainer&nbsp;that copies it into a shared volume, or use a ConfigMap if your cluster supports binary data. The most reliable production approach is building a custom Keycloak image with the JAR baked in, then referencing it in your Deployment manifest. This avoids volume mounting complexity and keeps your deployment reproducible.<\/p>\n\n\n\n<p><strong>Red Hat Build of Keycloak (RHBK) and Red Hat SSO:<\/strong>&nbsp;RHBK follows the same providers directory approach as upstream Keycloak, but the version numbers differ. RHBK 24 corresponds roughly to upstream Keycloak 24. If you run Red Hat SSO 7.x, the older product based on a different Keycloak version, verify plugin compatibility carefully before deploying to production. The CAPTCHA.eu plugin page documents current compatibility; when in doubt, test on a staging realm first.<\/p>\n\n\n\n<div class=\"wp-block-essential-blocks-infobox  root-eb-infobox-q3ic9\"><div class=\"eb-parent-wrapper eb-parent-eb-infobox-q3ic9 \"><div class=\"eb-infobox-q3ic9 eb-infobox-wrapper\"><div class=\"infobox-wrapper-inner\"><div class=\"contents-wrapper\"><h3 class=\"title\">Test on a staging realm before going to production<\/h3><p class=\"description\">Keycloak lets you create multiple realms in the same installation. Before rolling out CAPTCHA.eu on your production realm, configure it on a dedicated test realm and run login, registration, and password reset end to end. This takes about fifteen minutes and catches any theme or flow configuration issues before they affect real users.<\/p><\/div><\/div><\/div><\/div><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading has-text-color has-link-color has-large-font-size wp-elements-3b087059140f398a7ea31ac49502806c\" id=\"h-how-to-verify-the-migration-worked\" style=\"color:#2b7ca4\">How to verify the migration worked<\/h2>\n\n\n\n<p>Once all three flows are configured, a quick verification pass confirms everything is working before you treat the migration as complete.<\/p>\n\n\n\n<p>In the&nbsp;<strong>CAPTCHA.eu Dashboard<\/strong>, open your domain and check the verification log. After submitting each protected flow (login, registration, password reset), you should see corresponding verification events appear in the log within seconds. If a flow is missing from the log, the CAPTCHA.eu step is not active for that flow. Return to the Admin Console and check that the flow is correctly bound.<\/p>\n\n\n\n<p>On the&nbsp;<strong>frontend<\/strong>, submit a test entry for each flow on both desktop and mobile. The verification should complete silently in the background with no visible challenge. If you see an error or the form refuses to submit, check that the Public Key in the plugin settings matches the one in your CAPTCHA.eu Dashboard, and that your FTL snippet references the correct form element ID for each flow.<\/p>\n\n\n\n<p>For&nbsp;<strong>Kubernetes deployments<\/strong>, also verify that the JAR is correctly loaded after a pod restart by checking Keycloak startup logs for the provider registration confirmation. If the provider does not appear in the logs, the JAR is not being picked up. Recheck the volume mount or image build.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading has-text-color has-link-color has-large-font-size wp-elements-e7e165efb8fcc078226ae86da90ab936\" id=\"h-gdpr-checklist-after-switching\" style=\"color:#2b7ca4\">GDPR checklist after switching<\/h2>\n\n\n\n<p>The technical migration covers the CAPTCHA layer. These steps complete the compliance picture.<\/p>\n\n\n\n<p><strong>Update your privacy notice.<\/strong>&nbsp;Remove the reCAPTCHA entry and replace it with a short CAPTCHA.eu entry that names Austria as the processing location and bot protection on authentication flows as the purpose.<\/p>\n\n\n\n<p><strong>Review your consent management setup.<\/strong>&nbsp;If your Keycloak deployment included any cookie disclosure for reCAPTCHA, remove or revise that entry. For CAPTCHA.eu, no cookie-based consent mechanism is needed for the CAPTCHA layer itself. Session cookies and OIDC tokens are separate and unaffected.<\/p>\n\n\n\n<p><strong>Update your processing records.<\/strong>&nbsp;Replace Google as the CAPTCHA-related processor in your Article 30 records. A standard DPA is available from CAPTCHA.eu for this purpose.<\/p>\n\n\n\n<p><strong>Confirm with your security and DPO teams.<\/strong>&nbsp;For enterprise and regulated-sector deployments, confirm the authentication flow changes with your security architect and DPO before go-live. This is standard practice for any authentication system change.<\/p>\n\n\n\n<div class=\"wp-block-essential-blocks-infobox  root-eb-infobox-1pnl8\"><div class=\"eb-parent-wrapper eb-parent-eb-infobox-1pnl8 \"><div class=\"eb-infobox-1pnl8 eb-infobox-wrapper\"><div class=\"infobox-wrapper-inner\"><div class=\"contents-wrapper\"><h3 class=\"title\"><strong>Why this takes less time than teams expect<\/strong><\/h3><p class=\"description\">The same pattern repeats three times: duplicate flow, replace one execution, configure keys, bind, add FTL snippet. After the login flow, registration and password reset each take about five minutes. Total migration time for all three flows, including testing, is typically under ninety minutes, even for teams new to Keycloak flow configuration.<\/p><\/div><\/div><\/div><\/div><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading has-text-color has-link-color has-large-font-size wp-elements-5ce9e574cfb454ba3d1a1aa741d21fde\" id=\"h-frequently-asked-questions\" style=\"color:#2b7ca4\">Frequently Asked Questions<\/h2>\n\n\n\n<div class=\"wp-block-premium-accordion premium-accordion premium-accordion-1585f1407329\">\n<div class=\"wp-block-premium-accordion-item premium-accordion-item-cf33e29c6284 premium-accordion__content_wrap\"><div class=\"premium-accordion__title_wrap premium-accordion__ltr premium-accordion__out\"><div class=\"premium-accordion__title\"><h4 class=\"premium-accordion__title_text\">Does CAPTCHA.eu work with my Keycloak version?<\/h4><\/div><div class=\"premium-accordion__icon_wrap\"><svg class=\"premium-accordion__icon\" role=\"img\" focusable=\"false\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewBox=\"0 0 20 20\"><polygon points=\"16.7,3.3 10,10 3.3,3.4 0,6.7 10,16.7 10,16.6 20,6.7 \"><\/polygon><\/svg><\/div><\/div><div class=\"premium-accordion__desc_wrap\"><p class=\"premium-accordion__desc\">The CAPTCHA.eu plugin works via Keycloak&#8217;s Authentication SPI and supports a broad version range. Check the plugin page for the current compatibility matrix. For reference: Friendly Captcha&#8217;s Keycloak plugin requires Keycloak 26.1.0 or later and Java 17 or later. If you run an older version, CAPTCHA.eu maintains options available to you.<\/p><\/div><\/div>\n\n\n\n<div class=\"wp-block-premium-accordion-item premium-accordion-item-1e71b37086ac premium-accordion__content_wrap\"><div class=\"premium-accordion__title_wrap premium-accordion__ltr premium-accordion__out\"><div class=\"premium-accordion__title\"><h4 class=\"premium-accordion__title_text\">Do I still need a cookie consent banner after switching?<\/h4><\/div><div class=\"premium-accordion__icon_wrap\"><svg class=\"premium-accordion__icon\" role=\"img\" focusable=\"false\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewBox=\"0 0 20 20\"><polygon points=\"16.7,3.3 10,10 3.3,3.4 0,6.7 10,16.7 10,16.6 20,6.7 \"><\/polygon><\/svg><\/div><\/div><div class=\"premium-accordion__desc_wrap\"><p class=\"premium-accordion__desc\">Not for the CAPTCHA layer itself. CAPTCHA.eu sets no cookies for the CAPTCHA function, which removes the specific consent trigger that reCAPTCHA introduces on authentication pages. Session cookies and OIDC tokens are separate from this and unaffected by the switch.<\/p><\/div><\/div>\n\n\n\n<div class=\"wp-block-premium-accordion-item premium-accordion-item-0745f5e1c685 premium-accordion__content_wrap\"><div class=\"premium-accordion__title_wrap premium-accordion__ltr premium-accordion__out\"><div class=\"premium-accordion__title\"><h4 class=\"premium-accordion__title_text\">Can I protect only some flows and leave others unchanged?<\/h4><\/div><div class=\"premium-accordion__icon_wrap\"><svg class=\"premium-accordion__icon\" role=\"img\" focusable=\"false\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewBox=\"0 0 20 20\"><polygon points=\"16.7,3.3 10,10 3.3,3.4 0,6.7 10,16.7 10,16.6 20,6.7 \"><\/polygon><\/svg><\/div><\/div><div class=\"premium-accordion__desc_wrap\"><p class=\"premium-accordion__desc\">Yes. Each Keycloak flow is configured independently, so you can protect registration only, or login and registration, or all three. Most teams start with registration (the highest volume of automated abuse) and then add login and password reset. Leaving password reset unprotected while protecting the other two creates a gap, so plan to cover all three flows.<\/p><\/div><\/div>\n\n\n\n<div class=\"wp-block-premium-accordion-item premium-accordion-item-11a3073ce98b premium-accordion__content_wrap\"><div class=\"premium-accordion__title_wrap premium-accordion__ltr premium-accordion__out\"><div class=\"premium-accordion__title\"><h4 class=\"premium-accordion__title_text\">What happens if I have a custom Keycloak theme?<\/h4><\/div><div class=\"premium-accordion__icon_wrap\"><svg class=\"premium-accordion__icon\" role=\"img\" focusable=\"false\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewBox=\"0 0 20 20\"><polygon points=\"16.7,3.3 10,10 3.3,3.4 0,6.7 10,16.7 10,16.6 20,6.7 \"><\/polygon><\/svg><\/div><\/div><div class=\"premium-accordion__desc_wrap\"><p class=\"premium-accordion__desc\">Add the frontend snippets to your existing theme templates: login.ftl, register.ftl, and login-reset-password.ftl. Each snippet goes after the closing tag of its respective template. If you prefer a fresh start, the CAPTCHA.eu extension includes a pre-built theme at \/theme\/captcha that you can use as a base.<\/p><\/div><\/div>\n\n\n\n<div class=\"wp-block-premium-accordion-item premium-accordion-item-e881d63bbcd2 premium-accordion__content_wrap\"><div class=\"premium-accordion__title_wrap premium-accordion__ltr premium-accordion__out\"><div class=\"premium-accordion__title\"><h4 class=\"premium-accordion__title_text\">How is CAPTCHA.eu different from Friendly Captcha for Keycloak?<\/h4><\/div><div class=\"premium-accordion__icon_wrap\"><svg class=\"premium-accordion__icon\" role=\"img\" focusable=\"false\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewBox=\"0 0 20 20\"><polygon points=\"16.7,3.3 10,10 3.3,3.4 0,6.7 10,16.7 10,16.6 20,6.7 \"><\/polygon><\/svg><\/div><\/div><div class=\"premium-accordion__desc_wrap\"><p class=\"premium-accordion__desc\">Both provide official Keycloak plugins with proof-of-work verification and no cookies. The practical differences: CAPTCHA.eu supports a broader Keycloak version range: Friendly Captcha requires Keycloak 26.1.0+ and Java 17+, which rules it out for teams on older installations. CAPTCHA.eu also includes Austria-hosted processing on every commercial plan by default, while Friendly Captcha&#8217;s dedicated EU-only endpoint requires the Advanced plan at \u20ac200\/month or above.<\/p><\/div><\/div>\n\n\n\n<div class=\"wp-block-premium-accordion-item premium-accordion-item-8e89c62e6c82 premium-accordion__content_wrap\"><div class=\"premium-accordion__title_wrap premium-accordion__ltr premium-accordion__out\"><div class=\"premium-accordion__title\"><h4 class=\"premium-accordion__title_text\">Should I also enable Keycloak&#8217;s built-in brute force protection?<\/h4><\/div><div class=\"premium-accordion__icon_wrap\"><svg class=\"premium-accordion__icon\" role=\"img\" focusable=\"false\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewBox=\"0 0 20 20\"><polygon points=\"16.7,3.3 10,10 3.3,3.4 0,6.7 10,16.7 10,16.6 20,6.7 \"><\/polygon><\/svg><\/div><\/div><div class=\"premium-accordion__desc_wrap\"><p class=\"premium-accordion__desc\">Yes, and the two mechanisms complement each other well. CAPTCHA.eu stops automated bots from reaching the point of submitting credentials at all. Keycloak&#8217;s built-in brute force detection then handles the cases that slip through by temporarily locking accounts after repeated failures. Running both gives you defense in depth. See our guide on\u00a0<a href=\"https:\/\/www.captcha.eu\/how-to-prevent-brute-force-attacks-on-your-website\/\">preventing brute force attacks<\/a>\u00a0for the broader strategy.<\/p><\/div><\/div>\n\n\n\n<div class=\"wp-block-premium-accordion-item premium-accordion-item-bd32b2b2250a premium-accordion__content_wrap\"><div class=\"premium-accordion__title_wrap premium-accordion__ltr premium-accordion__out\"><div class=\"premium-accordion__title\"><h4 class=\"premium-accordion__title_text\">Is CAPTCHA.eu suitable for enterprise SSO deployments?<\/h4><\/div><div class=\"premium-accordion__icon_wrap\"><svg class=\"premium-accordion__icon\" role=\"img\" focusable=\"false\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewBox=\"0 0 20 20\"><polygon points=\"16.7,3.3 10,10 3.3,3.4 0,6.7 10,16.7 10,16.6 20,6.7 \"><\/polygon><\/svg><\/div><\/div><div class=\"premium-accordion__desc_wrap\"><p class=\"premium-accordion__desc\">Yes. CAPTCHA.eu is used by organisations including \u00d6BB, OeNB, and DGUV: environments where authentication security and procurement documentation both receive formal review. Austria-hosted processing and T\u00dcV Austria WCAG 2.2 AA certification provide the documented evidence that enterprise and public-sector security reviews typically require.<\/p><\/div><\/div>\n<\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading has-text-color has-link-color has-large-font-size wp-elements-35238059df35ed9dad481dbef77b1fc7\" id=\"h-related-reading\" style=\"color:#2b7ca4\">Related reading<\/h2>\n\n\n<div class=\"root-eb-post-carousel-2ei7e wp-block-essential-blocks-post-carousel\">\n    <div class=\"eb-parent-wrapper eb-parent-eb-post-carousel-2ei7e \">\n        <div class=\"eb-post-carousel-2ei7e style-2 slick-arrows equal-height dot-style-1 eb-post-carousel-wrapper\"\n            data-id=\"eb-post-carousel-2ei7e\"\n            data-querydata=\"a:13:{s:6:&quot;source&quot;;s:4:&quot;post&quot;;s:11:&quot;sourceIndex&quot;;i:0;s:9:&quot;rest_base&quot;;s:5:&quot;posts&quot;;s:14:&quot;rest_namespace&quot;;s:5:&quot;wp\/v2&quot;;s:6:&quot;author&quot;;s:0:&quot;&quot;;s:10:&quot;taxonomies&quot;;a:0:{}s:8:&quot;per_page&quot;;s:1:&quot;5&quot;;s:6:&quot;offset&quot;;s:1:&quot;0&quot;;s:7:&quot;orderby&quot;;s:4:&quot;date&quot;;s:5:&quot;order&quot;;s:4:&quot;desc&quot;;s:7:&quot;include&quot;;s:365:&quot;[{&quot;value&quot;:3616,&quot;label&quot;:&quot;How to Prevent Credential Stuffing Attacks on Your Website&quot;},{&quot;value&quot;:3604,&quot;label&quot;:&quot;How to Prevent Brute Force Attacks on Your Website&quot;},{&quot;value&quot;:3672,&quot;label&quot;:&quot;WordPress reCAPTCHA Alternative: How to Replace reCAPTCHA on European Websites&quot;},{&quot;value&quot;:3680,&quot;label&quot;:&quot;TYPO3 reCAPTCHA Alternative: How to Replace reCAPTCHA on European Websites&quot;}]&quot;;s:7:&quot;exclude&quot;;s:0:&quot;&quot;;s:15:&quot;exclude_current&quot;;b:0;}\"\n            data-slidersettings=\"{&quot;arrows&quot;:true,&quot;dots&quot;:true,&quot;autoplaySpeed&quot;:3000,&quot;speed&quot;:500,&quot;adaptiveHeight&quot;:true,&quot;autoplay&quot;:true,&quot;infinite&quot;:true,&quot;pauseOnHover&quot;:true,&quot;slideToShowRange&quot;:3,&quot;leftArrowIcon&quot;:&quot;fas fa-chevron-circle-left&quot;,&quot;rightArrowIcon&quot;:&quot;fas fa-chevron-circle-right&quot;,&quot;addIcon&quot;:false,&quot;showFallbackImg&quot;:false,&quot;fallbackImgUrl&quot;:&quot;&quot;,&quot;TABslideToShowRange&quot;:2,&quot;MOBslideToShowRange&quot;:1}\"\n            data-attributes=\"{&quot;preset&quot;:&quot;style-2&quot;,&quot;showThumbnail&quot;:false,&quot;showTitle&quot;:true,&quot;titleLength&quot;:&quot;10&quot;,&quot;titleTag&quot;:&quot;h2&quot;,&quot;showContent&quot;:true,&quot;contentLength&quot;:20,&quot;expansionIndicator&quot;:&quot;...&quot;,&quot;showReadMore&quot;:true,&quot;readmoreText&quot;:&quot;Read More&quot;,&quot;showMeta&quot;:true,&quot;headerMeta&quot;:&quot;[]&quot;,&quot;footerMeta&quot;:&quot;[]&quot;,&quot;authorPrefix&quot;:&quot;by&quot;,&quot;datePrefix&quot;:&quot;&quot;,&quot;showBlockContent&quot;:true,&quot;leftArrowIcon&quot;:&quot;fas fa-chevron-circle-left&quot;,&quot;rightArrowIcon&quot;:&quot;fas fa-chevron-circle-right&quot;,&quot;showFallbackImg&quot;:false}\">\n\n            <div class=\"eb-post-carousel init-eb-post-carousel-2ei7e\"\n                data-id=\"eb-post-carousel-2ei7e\">\n                <article class=\"ebpg-carousel-post ebpg-post-carousel-column\" data-id=\"3680\"><div class=\"ebpg-carousel-post-holder\"><div class=\"ebpg-entry-wrapper\"><div class=\"ebpg-entry-meta ebpg-header-meta\"><div class=\"ebpg-entry-meta-items\"><\/div><\/div><header class=\"ebpg-entry-header\">\n            <h2 class=\"ebpg-entry-title\">\n                <a class=\"ebpg-carousel-post-link\" href=\"https:\/\/www.captcha.eu\/de\/typo3-recaptcha-alternative\/\" title=\"TYPO3 reCAPTCHA Alternative: How to Replace reCAPTCHA on European Websites\">TYPO3 reCAPTCHA Alternative: How to Replace reCAPTCHA on European Websites<\/a>\n            <\/h2>\n        <\/header><div class=\"ebpg-entry-content\"><div class=\"ebpg-carousel-post-excerpt\">\n            <p>reCAPTCHA on TYPO3 means cookies, US data transfers and a growing compliance burden that most DACH teams no longer want&#8230;<\/p>\n        <\/div><div class=\"ebpg-readmore-btn\">\n            <a href=\"https:\/\/www.captcha.eu\/de\/typo3-recaptcha-alternative\/\"> Read More <\/a>\n        <\/div><\/div><div class=\"ebpg-entry-meta ebpg-footer-meta\"><div class=\"ebpg-entry-meta-items\"><\/div><\/div><\/div><\/div><\/article><article class=\"ebpg-carousel-post ebpg-post-carousel-column\" data-id=\"3672\"><div class=\"ebpg-carousel-post-holder\"><div class=\"ebpg-entry-wrapper\"><div class=\"ebpg-entry-meta ebpg-header-meta\"><div class=\"ebpg-entry-meta-items\"><\/div><\/div><header class=\"ebpg-entry-header\">\n            <h2 class=\"ebpg-entry-title\">\n                <a class=\"ebpg-carousel-post-link\" href=\"https:\/\/www.captcha.eu\/de\/wordpress-recaptcha-alternative\/\" title=\"WordPress reCAPTCHA Alternative: How to Replace reCAPTCHA on European Websites\">WordPress reCAPTCHA Alternative: How to Replace reCAPTCHA on European Websites<\/a>\n            <\/h2>\n        <\/header><div class=\"ebpg-entry-content\"><div class=\"ebpg-carousel-post-excerpt\">\n            <p>Google reCAPTCHA works on WordPress. But when you look at what it means for GDPR, cookies, and US data transfers,&#8230;<\/p>\n        <\/div><div class=\"ebpg-readmore-btn\">\n            <a href=\"https:\/\/www.captcha.eu\/de\/wordpress-recaptcha-alternative\/\"> Read More <\/a>\n        <\/div><\/div><div class=\"ebpg-entry-meta ebpg-footer-meta\"><div class=\"ebpg-entry-meta-items\"><\/div><\/div><\/div><\/div><\/article><article class=\"ebpg-carousel-post ebpg-post-carousel-column\" data-id=\"3616\"><div class=\"ebpg-carousel-post-holder\"><div class=\"ebpg-entry-wrapper\"><div class=\"ebpg-entry-meta ebpg-header-meta\"><div class=\"ebpg-entry-meta-items\"><\/div><\/div><header class=\"ebpg-entry-header\">\n            <h2 class=\"ebpg-entry-title\">\n                <a class=\"ebpg-carousel-post-link\" href=\"https:\/\/www.captcha.eu\/de\/wie-man-angriffe-zum-ausfullen-von-anmeldeinformationen-verhindert\/\" title=\"How to Prevent Credential Stuffing Attacks on Your Website\">How to Prevent Credential Stuffing Attacks on Your Website<\/a>\n            <\/h2>\n        <\/header><div class=\"ebpg-entry-content\"><div class=\"ebpg-carousel-post-excerpt\">\n            <p>Credential stuffing attacks use real passwords stolen from prior breaches, not guesswork. That makes them faster, harder to detect, and&#8230;<\/p>\n        <\/div><div class=\"ebpg-readmore-btn\">\n            <a href=\"https:\/\/www.captcha.eu\/de\/wie-man-angriffe-zum-ausfullen-von-anmeldeinformationen-verhindert\/\"> Read More <\/a>\n        <\/div><\/div><div class=\"ebpg-entry-meta ebpg-footer-meta\"><div class=\"ebpg-entry-meta-items\"><\/div><\/div><\/div><\/div><\/article><article class=\"ebpg-carousel-post ebpg-post-carousel-column\" data-id=\"3604\"><div class=\"ebpg-carousel-post-holder\"><div class=\"ebpg-entry-wrapper\"><div class=\"ebpg-entry-meta ebpg-header-meta\"><div class=\"ebpg-entry-meta-items\"><\/div><\/div><header class=\"ebpg-entry-header\">\n            <h2 class=\"ebpg-entry-title\">\n                <a class=\"ebpg-carousel-post-link\" href=\"https:\/\/www.captcha.eu\/de\/wie-sie-brute-force-angriffe-auf-ihre-website-verhindern-koennen\/\" title=\"How to Prevent Brute Force Attacks on Your Website\">How to Prevent Brute Force Attacks on Your Website<\/a>\n            <\/h2>\n        <\/header><div class=\"ebpg-entry-content\"><div class=\"ebpg-carousel-post-excerpt\">\n            <p>Brute force attacks are one of the most persistent threats to website security. In 2026, they combine stolen credential lists,&#8230;<\/p>\n        <\/div><div class=\"ebpg-readmore-btn\">\n            <a href=\"https:\/\/www.captcha.eu\/de\/wie-sie-brute-force-angriffe-auf-ihre-website-verhindern-koennen\/\"> Read More <\/a>\n        <\/div><\/div><div class=\"ebpg-entry-meta ebpg-footer-meta\"><div class=\"ebpg-entry-meta-items\"><\/div><\/div><\/div><\/div><\/article>            <\/div>\n        <\/div>\n    <\/div>\n<\/div>\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<div class=\"wp-block-essential-blocks-infobox  root-eb-infobox-9biss\"><div class=\"eb-parent-wrapper eb-parent-eb-infobox-9biss \"><div class=\"eb-infobox-9biss eb-infobox-wrapper\"><div class=\"infobox-wrapper-inner\"><div class=\"contents-wrapper\"><p class=\"description\">Primary sources<br><a href=\"https:\/\/www.captcha.eu\/captcha-plugin-for-keycloak\/\" target=\"_blank\" rel=\"noreferrer noopener\">CAPTCHA.eu Keycloak plugin page<\/a>: official installation guide and FTL snippets for all three flows<br><a href=\"https:\/\/friendlycaptcha.com\/integrations\/keycloak-captcha\/\" target=\"_blank\" rel=\"noreferrer noopener\">Friendly Captcha Keycloak integration page<\/a>: confirms Keycloak 26.1.0+ and Java 17+ requirements<br><a href=\"https:\/\/github.com\/lacontrevoie\/keycloak-altcha\" target=\"_blank\" rel=\"noreferrer noopener\">keycloak-altcha (GitHub)<\/a>: community ALTCHA extension for Keycloak, registration flow only<br><a href=\"https:\/\/github.com\/keycloak\/keycloak\/issues\/41057\" target=\"_blank\" rel=\"noreferrer noopener\">Keycloak GitHub issue #41057<\/a>: community discussion on native non-Google CAPTCHA support in Keycloak<br><a href=\"https:\/\/docs.cloud.google.com\/recaptcha\/docs\/faq\" target=\"_blank\" rel=\"noreferrer noopener\">Google reCAPTCHA FAQ (April 2026)<\/a>: confirms the\u00a0<code>_grecaptcha<\/code>\u00a0cookie remains after the processor model change<br><a href=\"https:\/\/www.captcha.eu\/captcha-eu-achieves-waca-silver-certification-setting-new-standards-in-accessible-digital-security\/\" target=\"_blank\" rel=\"noreferrer noopener\">CAPTCHA.eu WCAG 2.2 AA certification<\/a>: independently certified by T\u00dcV Austria<br><strong>Transparency:<\/strong>\u00a0This article is written by the CAPTCHA.eu team and includes our own product. Competitor options are characterised based on current public documentation. If you find an inaccuracy,\u00a0<a href=\"https:\/\/www.captcha.eu\/contact-us\/\">contact us<\/a>\u00a0and we will correct it.<\/p><\/div><\/div><\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-group has-vivid-cyan-blue-background-color has-background is-layout-constrained wp-block-group-is-layout-constrained\" style=\"padding-top:2rem;padding-bottom:2rem\">\n<h2 class=\"wp-block-heading has-text-align-center has-background-color has-text-color has-extra-large-font-size\" id=\"h-try-the-european-alternative-built-for-privacy-first-deployments\">Try the European alternative built for privacy-first deployments<\/h2>\n\n\n\n<p class=\"has-text-align-center has-background-color has-text-color\">If your team needs low-friction bot protection with Austrian hosting, no cookies at the CAPTCHA layer, EU-based processing, transparent pricing, and T\u00dcV-certified accessibility, test CAPTCHA.eu on a real flow before you decide. Start with your login, sign-up, or contact form. 100 free requests, no credit card required.<\/p>\n\n\n\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-de3b580a wp-block-buttons-is-layout-flex\" style=\"margin-top:3rem\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link has-body-text-color has-background-background-color has-text-color has-background wp-element-button\" href=\"https:\/\/www.captcha.eu\/login\">Start free trial<\/a><\/div>\n\n\n\n<div class=\"wp-block-button is-style-outline is-style-outline--2\"><a class=\"wp-block-button__link has-background-color has-text-color wp-element-button\" href=\"https:\/\/www.captcha.eu\/contact-us\/\">Contact sales<\/a><\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Keycloak ships with reCAPTCHA built into its registration flow. For European organisations, that default creates cookies, US data transfers, and a privacy documentation burden on the three flows that matter most: login, registration and password reset. This guide explains how to replace reCAPTCHA in Keycloak with a cookieless, EU-hosted alternative [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":3690,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_eb_attr":"","footnotes":""},"categories":[19],"tags":[],"class_list":["post-3687","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-new-blog"],"acf":{"pretitle":"","intern_slug":""},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.0 (Yoast SEO v27.0) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Keycloak reCAPTCHA Alternative: How to Replace It in 2026<\/title>\n<meta name=\"description\" content=\"Replace reCAPTCHA on Keycloak without cookies or consent-banner overhead. Compare GDPR-friendly alternatives and switch in minutes.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.captcha.eu\/de\/keycloak-recaptcha-alternative\/\" \/>\n<meta property=\"og:locale\" content=\"de_DE\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Keycloak reCAPTCHA Alternative for European Teams (2026)\" \/>\n<meta property=\"og:description\" content=\"Replace reCAPTCHA on Keycloak without cookies or consent-banner overhead. Compare GDPR-friendly alternatives and switch in minutes.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.captcha.eu\/de\/keycloak-recaptcha-alternative\/\" \/>\n<meta property=\"og:site_name\" content=\"captcha.eu\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-20T13:34:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-20T14:02:45+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.captcha.eu\/wp-content\/uploads\/2026\/04\/Captcha.eu-5.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Captcha\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@captcha_eu\" \/>\n<meta name=\"twitter:site\" content=\"@captcha_eu\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Captcha\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"14 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.captcha.eu\/keycloak-recaptcha-alternative\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.captcha.eu\/keycloak-recaptcha-alternative\/\"},\"author\":{\"name\":\"Captcha\",\"@id\":\"https:\/\/www.captcha.eu\/#\/schema\/person\/f1e4886cdd0c5bbbb44279dd0d95445a\"},\"headline\":\"Keycloak reCAPTCHA Alternative for European Teams (2026)\",\"datePublished\":\"2026-04-20T13:34:00+00:00\",\"dateModified\":\"2026-04-20T14:02:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.captcha.eu\/keycloak-recaptcha-alternative\/\"},\"wordCount\":2980,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.captcha.eu\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.captcha.eu\/keycloak-recaptcha-alternative\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.captcha.eu\/wp-content\/uploads\/2026\/04\/Captcha.eu-5.jpg\",\"articleSection\":[\"Blog\"],\"inLanguage\":\"de-DE\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.captcha.eu\/keycloak-recaptcha-alternative\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.captcha.eu\/keycloak-recaptcha-alternative\/\",\"url\":\"https:\/\/www.captcha.eu\/keycloak-recaptcha-alternative\/\",\"name\":\"Keycloak reCAPTCHA Alternative: How to Replace It in 2026\",\"isPartOf\":{\"@id\":\"https:\/\/www.captcha.eu\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.captcha.eu\/keycloak-recaptcha-alternative\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.captcha.eu\/keycloak-recaptcha-alternative\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.captcha.eu\/wp-content\/uploads\/2026\/04\/Captcha.eu-5.jpg\",\"datePublished\":\"2026-04-20T13:34:00+00:00\",\"dateModified\":\"2026-04-20T14:02:45+00:00\",\"description\":\"Replace reCAPTCHA on Keycloak without cookies or consent-banner overhead. Compare GDPR-friendly alternatives and switch in minutes.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.captcha.eu\/keycloak-recaptcha-alternative\/#breadcrumb\"},\"inLanguage\":\"de-DE\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.captcha.eu\/keycloak-recaptcha-alternative\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"de-DE\",\"@id\":\"https:\/\/www.captcha.eu\/keycloak-recaptcha-alternative\/#primaryimage\",\"url\":\"https:\/\/www.captcha.eu\/wp-content\/uploads\/2026\/04\/Captcha.eu-5.jpg\",\"contentUrl\":\"https:\/\/www.captcha.eu\/wp-content\/uploads\/2026\/04\/Captcha.eu-5.jpg\",\"width\":1920,\"height\":1080,\"caption\":\"captcha.eu\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.captcha.eu\/keycloak-recaptcha-alternative\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.captcha.eu\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Keycloak reCAPTCHA Alternative for European Teams (2026)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.captcha.eu\/#website\",\"url\":\"https:\/\/www.captcha.eu\/\",\"name\":\"captcha.eu\",\"description\":\"The GDPR-compliant message protection | captcha.eu\",\"publisher\":{\"@id\":\"https:\/\/www.captcha.eu\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.captcha.eu\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"de-DE\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.captcha.eu\/#organization\",\"name\":\"captcha.eu\",\"url\":\"https:\/\/www.captcha.eu\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de-DE\",\"@id\":\"https:\/\/www.captcha.eu\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.captcha.eu\/wp-content\/uploads\/2024\/02\/Captcha_mono-C_Logo.svg\",\"contentUrl\":\"https:\/\/www.captcha.eu\/wp-content\/uploads\/2024\/02\/Captcha_mono-C_Logo.svg\",\"width\":24,\"height\":28,\"caption\":\"captcha.eu\"},\"image\":{\"@id\":\"https:\/\/www.captcha.eu\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/captcha_eu\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.captcha.eu\/#\/schema\/person\/f1e4886cdd0c5bbbb44279dd0d95445a\",\"name\":\"Captcha\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de-DE\",\"@id\":\"https:\/\/www.captcha.eu\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/48b669a092d552f5f30202f8da848c93fa4c54f8c2b3167568ed5cbccbe4994a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/48b669a092d552f5f30202f8da848c93fa4c54f8c2b3167568ed5cbccbe4994a?s=96&d=mm&r=g\",\"caption\":\"Captcha\"},\"sameAs\":[\"https:\/\/www.captcha.eu\"],\"url\":\"https:\/\/www.captcha.eu\/de\/author\/admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Keycloak reCAPTCHA Alternative: Wie man es im Jahr 2026 ersetzen kann","description":"Ersetzen Sie reCAPTCHA auf Keycloak ohne Cookies oder Zustimmungsbanner. Vergleichen Sie GDPR-freundliche Alternativen und wechseln Sie in wenigen Minuten.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.captcha.eu\/de\/keycloak-recaptcha-alternative\/","og_locale":"de_DE","og_type":"article","og_title":"Keycloak reCAPTCHA Alternative for European Teams (2026)","og_description":"Replace reCAPTCHA on Keycloak without cookies or consent-banner overhead. Compare GDPR-friendly alternatives and switch in minutes.","og_url":"https:\/\/www.captcha.eu\/de\/keycloak-recaptcha-alternative\/","og_site_name":"captcha.eu","article_published_time":"2026-04-20T13:34:00+00:00","article_modified_time":"2026-04-20T14:02:45+00:00","og_image":[{"width":1920,"height":1080,"url":"https:\/\/www.captcha.eu\/wp-content\/uploads\/2026\/04\/Captcha.eu-5.jpg","type":"image\/jpeg"}],"author":"Captcha","twitter_card":"summary_large_image","twitter_creator":"@captcha_eu","twitter_site":"@captcha_eu","twitter_misc":{"Written by":"Captcha","Est. reading time":"14 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.captcha.eu\/keycloak-recaptcha-alternative\/#article","isPartOf":{"@id":"https:\/\/www.captcha.eu\/keycloak-recaptcha-alternative\/"},"author":{"name":"Captcha","@id":"https:\/\/www.captcha.eu\/#\/schema\/person\/f1e4886cdd0c5bbbb44279dd0d95445a"},"headline":"Keycloak reCAPTCHA Alternative for European Teams (2026)","datePublished":"2026-04-20T13:34:00+00:00","dateModified":"2026-04-20T14:02:45+00:00","mainEntityOfPage":{"@id":"https:\/\/www.captcha.eu\/keycloak-recaptcha-alternative\/"},"wordCount":2980,"commentCount":0,"publisher":{"@id":"https:\/\/www.captcha.eu\/#organization"},"image":{"@id":"https:\/\/www.captcha.eu\/keycloak-recaptcha-alternative\/#primaryimage"},"thumbnailUrl":"https:\/\/www.captcha.eu\/wp-content\/uploads\/2026\/04\/Captcha.eu-5.jpg","articleSection":["Blog"],"inLanguage":"de-DE","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.captcha.eu\/keycloak-recaptcha-alternative\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.captcha.eu\/keycloak-recaptcha-alternative\/","url":"https:\/\/www.captcha.eu\/keycloak-recaptcha-alternative\/","name":"Keycloak reCAPTCHA Alternative: Wie man es im Jahr 2026 ersetzen kann","isPartOf":{"@id":"https:\/\/www.captcha.eu\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.captcha.eu\/keycloak-recaptcha-alternative\/#primaryimage"},"image":{"@id":"https:\/\/www.captcha.eu\/keycloak-recaptcha-alternative\/#primaryimage"},"thumbnailUrl":"https:\/\/www.captcha.eu\/wp-content\/uploads\/2026\/04\/Captcha.eu-5.jpg","datePublished":"2026-04-20T13:34:00+00:00","dateModified":"2026-04-20T14:02:45+00:00","description":"Ersetzen Sie reCAPTCHA auf Keycloak ohne Cookies oder Zustimmungsbanner. Vergleichen Sie GDPR-freundliche Alternativen und wechseln Sie in wenigen Minuten.","breadcrumb":{"@id":"https:\/\/www.captcha.eu\/keycloak-recaptcha-alternative\/#breadcrumb"},"inLanguage":"de-DE","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.captcha.eu\/keycloak-recaptcha-alternative\/"]}]},{"@type":"ImageObject","inLanguage":"de-DE","@id":"https:\/\/www.captcha.eu\/keycloak-recaptcha-alternative\/#primaryimage","url":"https:\/\/www.captcha.eu\/wp-content\/uploads\/2026\/04\/Captcha.eu-5.jpg","contentUrl":"https:\/\/www.captcha.eu\/wp-content\/uploads\/2026\/04\/Captcha.eu-5.jpg","width":1920,"height":1080,"caption":"captcha.eu"},{"@type":"BreadcrumbList","@id":"https:\/\/www.captcha.eu\/keycloak-recaptcha-alternative\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.captcha.eu\/"},{"@type":"ListItem","position":2,"name":"Keycloak reCAPTCHA Alternative for European Teams (2026)"}]},{"@type":"WebSite","@id":"https:\/\/www.captcha.eu\/#website","url":"https:\/\/www.captcha.eu\/","name":"ist captcha.eu","description":"Der DSGVO-konforme Nachrichtenschutz | captcha.eu","publisher":{"@id":"https:\/\/www.captcha.eu\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.captcha.eu\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"de-DE"},{"@type":"Organization","@id":"https:\/\/www.captcha.eu\/#organization","name":"ist captcha.eu","url":"https:\/\/www.captcha.eu\/","logo":{"@type":"ImageObject","inLanguage":"de-DE","@id":"https:\/\/www.captcha.eu\/#\/schema\/logo\/image\/","url":"https:\/\/www.captcha.eu\/wp-content\/uploads\/2024\/02\/Captcha_mono-C_Logo.svg","contentUrl":"https:\/\/www.captcha.eu\/wp-content\/uploads\/2024\/02\/Captcha_mono-C_Logo.svg","width":24,"height":28,"caption":"captcha.eu"},"image":{"@id":"https:\/\/www.captcha.eu\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/captcha_eu"]},{"@type":"Person","@id":"https:\/\/www.captcha.eu\/#\/schema\/person\/f1e4886cdd0c5bbbb44279dd0d95445a","name":"Captcha","image":{"@type":"ImageObject","inLanguage":"de-DE","@id":"https:\/\/www.captcha.eu\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/48b669a092d552f5f30202f8da848c93fa4c54f8c2b3167568ed5cbccbe4994a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/48b669a092d552f5f30202f8da848c93fa4c54f8c2b3167568ed5cbccbe4994a?s=96&d=mm&r=g","caption":"Captcha"},"sameAs":["https:\/\/www.captcha.eu"],"url":"https:\/\/www.captcha.eu\/de\/author\/admin\/"}]}},"pbg_featured_image_src":{"full":["https:\/\/www.captcha.eu\/wp-content\/uploads\/2026\/04\/Captcha.eu-5.jpg",1920,1080,false],"thumbnail":["https:\/\/www.captcha.eu\/wp-content\/uploads\/2026\/04\/Captcha.eu-5-150x150.jpg",150,150,true],"medium":["https:\/\/www.captcha.eu\/wp-content\/uploads\/2026\/04\/Captcha.eu-5-300x169.jpg",300,169,true],"medium_large":["https:\/\/www.captcha.eu\/wp-content\/uploads\/2026\/04\/Captcha.eu-5-768x432.jpg",768,432,true],"large":["https:\/\/www.captcha.eu\/wp-content\/uploads\/2026\/04\/Captcha.eu-5-1024x576.jpg",1024,576,true],"1536x1536":["https:\/\/www.captcha.eu\/wp-content\/uploads\/2026\/04\/Captcha.eu-5-1536x864.jpg",1536,864,true],"2048x2048":["https:\/\/www.captcha.eu\/wp-content\/uploads\/2026\/04\/Captcha.eu-5.jpg",1920,1080,false],"trp-custom-language-flag":["https:\/\/www.captcha.eu\/wp-content\/uploads\/2026\/04\/Captcha.eu-5-18x10.jpg",18,10,true]},"pbg_author_info":{"display_name":"Captcha","author_link":"https:\/\/www.captcha.eu\/de\/author\/admin\/","author_img":"<img alt='Captcha' src='https:\/\/secure.gravatar.com\/avatar\/48b669a092d552f5f30202f8da848c93fa4c54f8c2b3167568ed5cbccbe4994a?s=128&#038;d=mm&#038;r=g' srcset='https:\/\/secure.gravatar.com\/avatar\/48b669a092d552f5f30202f8da848c93fa4c54f8c2b3167568ed5cbccbe4994a?s=256&#038;d=mm&#038;r=g 2x' class='avatar avatar-128 photo' height='128' width='128' loading='lazy' decoding='async'\/>"},"pbg_comment_info":"1 comment","pbg_excerpt":"Keycloak ships with reCAPTCHA built into its registration flow. For European organisations, that default creates cookies, US data transfers, and a privacy documentation burden on the three flows that matter most: login, registration and password reset. This guide explains how to replace reCAPTCHA in Keycloak with a cookieless, EU-hosted alternative [&hellip;]","_links":{"self":[{"href":"https:\/\/www.captcha.eu\/de\/wp-json\/wp\/v2\/posts\/3687","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.captcha.eu\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.captcha.eu\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.captcha.eu\/de\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.captcha.eu\/de\/wp-json\/wp\/v2\/comments?post=3687"}],"version-history":[{"count":26,"href":"https:\/\/www.captcha.eu\/de\/wp-json\/wp\/v2\/posts\/3687\/revisions"}],"predecessor-version":[{"id":3723,"href":"https:\/\/www.captcha.eu\/de\/wp-json\/wp\/v2\/posts\/3687\/revisions\/3723"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.captcha.eu\/de\/wp-json\/wp\/v2\/media\/3690"}],"wp:attachment":[{"href":"https:\/\/www.captcha.eu\/de\/wp-json\/wp\/v2\/media?parent=3687"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.captcha.eu\/de\/wp-json\/wp\/v2\/categories?post=3687"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.captcha.eu\/de\/wp-json\/wp\/v2\/tags?post=3687"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}