diff --git a/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/_index.md b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/_index.md new file mode 100644 index 0000000000..a70dab2e9c --- /dev/null +++ b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/_index.md 
@@ -0,0 +1,71 @@ +--- +title: Deploy Keycloak on Azure Cobalt 100 Arm64 virtual machines for identity and access management + +description: Learn how to install and configure Keycloak on an Azure Cobalt 100 Arm64 virtual machine, integrate it with PostgreSQL, configure OAuth2/OpenID Connect authentication, and secure applications using centralized identity management. + +minutes_to_complete: 90 + +who_is_this_for: This is an introductory topic for developers, DevOps engineers, platform engineers, and cloud architects who want to deploy centralized authentication and identity management using Keycloak on Arm-based cloud environments. + +learning_objectives: + - Install and configure Keycloak on Azure Cobalt 100 Arm64 virtual machines + - Configure PostgreSQL as the backend database for Keycloak + - Configure realms, users, and OAuth2/OpenID Connect clients + - Integrate a Flask application with Keycloak authentication + - Validate OAuth2/OpenID Connect authentication workflows + +prerequisites: + - A [Microsoft Azure account](https://azure.microsoft.com/) with access to Cobalt 100 based instances (Dpsv6) + - Basic knowledge of Linux command-line operations + - Familiarity with SSH and remote server access + - Basic understanding of authentication, OAuth2, and identity management concepts + +author: Pareena Verma + +### Tags +skilllevels: Introductory +subjects: Containers and Virtualization +cloud_service_providers: + - Microsoft Azure + +armips: + - Neoverse + +tools_software_languages: + - Keycloak + - PostgreSQL + - Flask + - Python + - Java + +operatingsystems: + - Linux + +further_reading: + - resource: + title: Keycloak Official Website + link: https://www.keycloak.org/ + type: website + - resource: + title: Keycloak Documentation + link: https://www.keycloak.org/documentation + type: documentation + - resource: + title: OAuth 2.0 Framework + link: https://oauth.net/2/ + type: documentation + - resource: + title: OpenID Connect Documentation + link: 
https://openid.net/connect/ + type: documentation + - resource: + title: Azure Cobalt 100 processors + link: https://techcommunity.microsoft.com/blog/azurecompute/announcing-the-preview-of-new-azure-vms-based-on-the-azure-cobalt-100-processor/4146353 + type: documentation + +### FIXED, DO NOT MODIFY +# ================================================================================ +weight: 1 +layout: "learningpathall" +learning_path_main_page: "yes" +--- diff --git a/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/_next-steps.md b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/_next-steps.md new file mode 100644 index 0000000000..c3db0de5a2 --- /dev/null +++ b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/_next-steps.md @@ -0,0 +1,8 @@ +--- +# ================================================================================ +# FIXED, DO NOT MODIFY THIS FILE +# ================================================================================ +weight: 21 # Set to always be larger than the content in this path to be at the end of the navigation. +title: "Next Steps" # Always the same, html page title. +layout: "learningpathall" # All files under learning paths have this same wrapper for Hugo processing. +--- diff --git a/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/background.md b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/background.md new file mode 100644 index 0000000000..ad4c43895d --- /dev/null +++ b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/background.md 
@@ -0,0 +1,49 @@ +--- +title: Understand Keycloak on Azure Cobalt 100 +weight: 2 + +layout: "learningpathall" +--- + +## Why run Keycloak on Azure Cobalt 100 + +Keycloak on Arm-based Azure Cobalt 100 processors delivers scalable and efficient identity and access management for modern cloud-native applications. Azure Cobalt 100 processors provide dedicated physical cores per vCPU, which helps deliver predictable performance for authentication workloads, user management, and OAuth2/OpenID Connect flows. + +Keycloak benefits from the strong multi-core performance and energy efficiency of Arm-based Azure infrastructure, making it well suited for enterprise authentication systems, API security, and cloud-native identity platforms. + +## Azure Cobalt 100 Arm-based processor + +Azure’s Cobalt 100 is Microsoft’s first-generation, in-house Arm-based processor. Built on Arm Neoverse N2, Cobalt 100 is a 64-bit CPU that delivers strong performance and energy efficiency for cloud-native, scale-out Linux workloads. These workloads include web and application servers, data analytics, open-source databases, and caching systems. Running at 3.4 GHz, Cobalt 100 allocates a dedicated physical core for each vCPU, ensuring consistent and predictable performance. + +To learn more, see the Microsoft blog [Announcing the preview of new Azure VMs based on the Azure Cobalt 100 processor](https://techcommunity.microsoft.com/blog/azurecompute/announcing-the-preview-of-new-azure-vms-based-on-the-azure-cobalt-100-processor/4146353). + +## How Keycloak improves authentication and identity management + +Keycloak is an open-source Identity and Access Management (IAM) platform that simplifies authentication and authorization for applications and services. 
+ +Keycloak supports modern authentication standards such as: + +- OAuth2 +- OpenID Connect (OIDC) +- SAML + +Keycloak provides centralized authentication, allowing users to log in once and securely access multiple applications using Single Sign-On (SSO). + +Keycloak integrates with web applications, APIs, Kubernetes platforms, microservices, and enterprise identity systems, making it ideal for securing cloud-native workloads. + +To learn more, see the official [Keycloak documentation](https://www.keycloak.org/documentation). + +Keycloak provides several important capabilities for authentication and security management: + +- Single Sign-On (SSO): Enables users to authenticate once and access multiple applications securely. +- Centralized Identity Management: Manages users, roles, groups, and authentication policies from a single platform. +- OAuth2 and OpenID Connect Support: Simplifies secure API and application authentication workflows. +- Multi-factor Authentication (MFA): Improves account security using additional authentication methods. +- User Federation: Integrates with enterprise identity systems such as LDAP and Active Directory. +- Role-Based Access Control (RBAC): Controls user permissions and application access securely. + +In this Learning Path, you'll deploy Keycloak on an Azure Cobalt 100 Arm64 virtual machine and configure PostgreSQL as the backend database. You'll create realms, users, and OAuth2/OpenID Connect clients, then integrate a Flask application with Keycloak authentication. + +## What you've learned and what's next + +You now understand why Azure Cobalt 100 and Keycloak are a strong combination for scalable authentication and identity management workloads. Next, you'll create the virtual machine that will run Keycloak and the Flask OAuth2 demo application throughout this Learning Path. 
diff --git a/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/firewall.md b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/firewall.md new file mode 100644 index 0000000000..424ea64f5c --- /dev/null +++ b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/firewall.md 
@@ -0,0 +1,74 @@ +--- +title: Allow access to Keycloak and Flask application on Azure +weight: 4 + +### FIXED, DO NOT MODIFY +layout: learningpathall +--- + +## Configure external traffic for Keycloak and Flask application + +To allow external traffic for Keycloak and the Flask OAuth2 demo application on an Azure virtual machine, open the required ports in the Network Security Group (NSG). The NSG can be attached to the virtual machine's network interface or subnet. + +{{% notice Note %}} +For more information about Azure setup, see [Getting started with Microsoft Azure Platform](/learning-paths/servers-and-cloud-computing/csp/azure/). +{{% /notice %}} + +### Add inbound firewall rules in Azure + +To expose the required ports for Keycloak and the Flask application, create firewall rules. + +1. Navigate to the [Azure portal](https://portal.azure.com), go to **Virtual Machines**, and select your virtual machine. + +![Azure Portal Virtual Machines page with the target Azure Cobalt 100 Arm64 virtual machine selected before configuring network access for Keycloak.#center](images/virtual_machine.png "Azure Virtual Machines page") + +2. In the left menu, select **Networking**, then select **Network settings**. + +![Azure Portal Networking page showing the network settings attached to the Azure Cobalt 100 Arm64 virtual machine for configuring inbound access rules.#center](images/networking.png "Azure VM networking settings") + +3. Navigate to **Create port rule**, and select **Inbound port rule**. + +![Azure Portal Create port rule menu with Inbound port rule selected for configuring Keycloak and Flask application access.#center](images/port_rule.png "Create inbound firewall rule") + +4. 
Configure inbound security rules for the following ports: + +| Port | Purpose | +|---|---| +| 8080 | Keycloak Admin Console | +| 9000 | Keycloak health and management endpoint | +| 5000 | Flask OAuth2 demo application | + +Use the following settings for each rule: + +- **Source:** My IP address +- **Source IP addresses:** *(auto-populated with your current public IP)* +- **Source port ranges:** * +- **Destination:** Any +- **Protocol:** TCP +- **Action:** Allow + +Use these names: + +| Port | Rule Name | +|---|---| +| 8080 | allow-keycloak-8080 | +| 9000 | allow-keycloak-9000 | +| 5000 | allow-flask-5000 | + +{{% notice Note %}} +Setting **Source** to **My IP address** restricts access to the ports to your current machine only. If your public IP changes or you need to access the services from another machine, update the source IP in the NSG rule. +{{% /notice %}} + +5. After filling in the details, select **Add** to save each rule. + +You can now access: + +- Keycloak Admin Console on port **8080** +- Keycloak health endpoint on port **9000** +- Flask OAuth2 demo application on port **5000** + +## What you've learned and what's next + +You've now configured the Azure Network Security Group to allow incoming traffic for Keycloak and the Flask OAuth2 demo application. + +Next, you'll deploy Keycloak, configure PostgreSQL integration, and validate OAuth2/OpenID Connect authentication workflows using the Flask application. diff --git a/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/create-client.png b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/create-client.png new file mode 100644 index 0000000000..9d0e5240ea Binary files /dev/null and b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/create-client.png differ 
diff --git a/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/create-realm.png b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/create-realm.png new file mode 100644 index 0000000000..50f4812708 Binary files /dev/null and b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/create-realm.png differ diff --git a/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/create-user.png b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/create-user.png new file mode 100644 index 0000000000..503eabc1de Binary files /dev/null and b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/create-user.png differ diff --git a/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/final-vm.png b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/final-vm.png new file mode 100644 index 0000000000..5207abfb41 Binary files /dev/null and b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/final-vm.png differ diff --git a/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/instance.png b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/instance.png new file mode 100644 index 0000000000..285cd764a5 Binary files /dev/null and b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/instance.png differ diff --git a/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/instance1.png b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/instance1.png new file mode 100644 index 0000000000..b9d22c352d Binary files /dev/null and b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/instance1.png differ 
diff --git a/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/instance4.png b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/instance4.png new file mode 100644 index 0000000000..2a0ff1e3b0 Binary files /dev/null and b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/instance4.png differ diff --git a/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/keycloak-demo.png b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/keycloak-demo.png new file mode 100644 index 0000000000..4eeab1f4f1 Binary files /dev/null and b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/keycloak-demo.png differ diff --git a/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/keycloak-http-error.png b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/keycloak-http-error.png new file mode 100644 index 0000000000..5197d9bc3b Binary files /dev/null and b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/keycloak-http-error.png differ diff --git a/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/keycloak-ui.png b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/keycloak-ui.png new file mode 100644 index 0000000000..dd3c4942c0 Binary files /dev/null and b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/keycloak-ui.png differ diff --git a/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/keycloak-welcome-page.png b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/keycloak-welcome-page.png new file mode 100644 index 0000000000..5acec5a783 Binary files /dev/null and b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/keycloak-welcome-page.png differ 
diff --git a/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/networking.png b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/networking.png new file mode 100644 index 0000000000..9d6d15f8a3 Binary files /dev/null and b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/networking.png differ diff --git a/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/port_rule.png b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/port_rule.png new file mode 100644 index 0000000000..681dc71aa1 Binary files /dev/null and b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/port_rule.png differ diff --git a/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/ubuntu-pro.png b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/ubuntu-pro.png new file mode 100644 index 0000000000..d54bd75ca6 Binary files /dev/null and b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/ubuntu-pro.png differ diff --git a/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/virtual_machine.png b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/virtual_machine.png new file mode 100644 index 0000000000..cf6704fcc6 Binary files /dev/null and b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/images/virtual_machine.png differ diff --git a/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/instance.md b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/instance.md new file mode 100644 index 0000000000..2d93ae41f9 --- /dev/null +++ b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/instance.md 
@@ -0,0 +1,66 @@ +--- +title: Create an Azure Cobalt 100 Arm64 virtual machine +weight: 3 + +### FIXED, DO NOT MODIFY +layout: learningpathall +--- + +## Set up the Azure virtual machine + +In this section, you'll launch the Azure portal to create a virtual machine (VM) with the Arm-based Azure Cobalt 100 processor. + +This Learning Path focuses on general-purpose virtual machines in the Dpsv6 series. For more information, see the [Microsoft Azure guide for the Dpsv6 size series](https://learn.microsoft.com/en-us/azure/virtual-machines/sizes/general-purpose/dpsv6-series). + +While the steps to create this instance are included here for convenience, you can also see [Deploy a Cobalt 100 virtual machine on Azure Learning Path](/learning-paths/servers-and-cloud-computing/cobalt/). + +### Create an Arm-based virtual machine in the Azure portal + +To create an Azure virtual machine using the Azure portal: + +1. Launch the Azure portal and navigate to **Virtual Machines**. +2. Select **Create**, and select **Virtual Machine** from the drop-down list. +3. In the **Basic** tab, fill in the instance details such as **Virtual machine name** and **Region**. +4. Select **Ubuntu Pro 24.04 LTS** as the image for your virtual machine, and select **Arm64** as the VM architecture. +5. In the **Size** field, select **See all sizes** and select the D-Series v6 family of virtual machines. +6. Select **D4ps_v6** from the list as shown in the diagram below: + +![Azure Portal showing D-Series v6 VM size selection with D4ps_v6 highlighted#center](images/instance.png "Select D4ps_v6 from the D-Series v6 family") + +7. For **Authentication type**, select **SSH public key**. + +{{% notice Note %}} +Azure generates an SSH key pair for you and lets you save it for future use. This method is fast, secure, and easy for connecting to your virtual machine. +{{% /notice %}} + +8. Fill in the **Administrator username** for your VM. +9. 
Select **Generate new key pair**, and select **RSA SSH Format** as the SSH Key Type. + +{{% notice Note %}} +RSA offers better security with keys longer than 3072 bits. +{{% /notice %}} + +10. Give your SSH key a key pair name. +11. In the **Inbound port rules**, select **HTTP (80)** and **SSH (22)** as the inbound ports, as shown in the following image: + +![Azure Portal inbound port configuration showing SSH and HTTP selected. Check that the required access settings are in place before creating the virtual machine.#center](images/instance1.png "Configure inbound port rules for HTTP and SSH access") + +12. Select the **Review + Create** tab and review the configuration for your virtual machine. It should look like the following: + +![Azure Portal Review + Create tab showing VM configuration summary ready for deployment#center](images/ubuntu-pro.png "Review VM configuration before creation") + +13. When you're happy with your selection, select the **Create** button and then **Download Private key and Create Resource**. + +![Azure Portal showing Create button and SSH key download dialog#center](images/instance4.png "Download SSH key and create the virtual machine") + +Your virtual machine should be ready and running in a few minutes. You can SSH into the virtual machine using the private key, along with the public IP details. + +![Azure Portal deployment result showing that the virtual machine was created successfully. 
Look for the successful deployment status and the connection details you will use to access the virtual machine in the next step.#center](images/final-vm.png "Successful VM deployment confirmation") + +{{% notice Note %}}To learn more about Arm-based virtual machines in Azure, see "Getting Started with Microsoft Azure" in [Get started with Arm-based cloud instances](/learning-paths/servers-and-cloud-computing/csp/azure/).{{% /notice %}} + +## What you've accomplished and what's next + +You've created an Azure Cobalt 100 Arm64 virtual machine running Ubuntu 24.04 LTS with SSH authentication configured. The virtual machine is now ready for installing PostgreSQL, Keycloak, and the Flask OAuth2 demo application. + +Next, you'll install Keycloak on the VM, configure PostgreSQL as the backend database, and deploy a demo OAuth2/OpenID Connect application using Flask. diff --git a/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/keycloak_deployment_azure_cobalt100.md b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/keycloak_deployment_azure_cobalt100.md new file mode 100644 index 0000000000..10fc25994a --- /dev/null +++ b/content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/keycloak_deployment_azure_cobalt100.md 
@@ -0,0 +1,375 @@ +--- +title: Deploy Keycloak on Azure Cobalt 100 Arm64 virtual machines +weight: 5 + +### FIXED, DO NOT MODIFY +layout: learningpathall +--- + +## Set up Keycloak on the VM + +In this section, you'll install Keycloak on an Azure Cobalt 100 Arm64 virtual machine and configure PostgreSQL as the backend database. + +Keycloak provides centralized identity and access management for applications using standards such as OAuth2, OpenID Connect, and SAML. + +### Overview + +This learning path explains how to deploy and configure Keycloak on Azure Cobalt 100 Arm64 virtual machines using PostgreSQL as the backend database. + +You will learn how to: + +- Install Keycloak on Arm64 infrastructure +- Configure PostgreSQL integration +- Bootstrap the Keycloak admin user +- Configure Keycloak as a systemd service +- Fix common Keycloak 26.x issues +- Access the Keycloak administration console + +### Target platform + +| Component | Value | +| -------------- | ----------------------------- | +| Cloud | Microsoft Azure | +| VM Type | Azure Cobalt 100 Arm64 | +| Recommended VM | Standard_D4ps_v6 | +| OS | Ubuntu Server 24.04 LTS Arm64 | + +### Architecture + +```text +Azure Cobalt 100 Arm64 VM + | + ├── PostgreSQL + ├── Keycloak + ├── Flask OAuth Demo App + └── Browser Access +``` + +### Configure Azure networking + +Allow these inbound ports: + +| Port | Purpose | +| ---- | ---------------------------- | +| 22 | SSH | +| 8080 | Keycloak HTTP | +| 9000 | Keycloak management endpoint | +| 5000 | Flask demo application | + + +### Update your system + +Start by updating the package index and installing the latest available package updates on the virtual machine. + +```bash +sudo apt update && sudo apt upgrade -y +``` + +## Install required dependencies + +Install Java, PostgreSQL, Python, and utility packages required for running Keycloak and the Flask demo application. 
+ +```bash +sudo apt install -y \ +openjdk-21-jdk \ +postgresql \ +postgresql-contrib \ +python3-pip \ +python3-venv \ +curl \ +wget \ +tar +``` + +## Verify Java installation +Keycloak requires Java, so verify that Java 21 is installed correctly. + +```bash +java -version +``` + +The output is similar to: +```output +openjdk version "21" +``` + + +### Configure PostgreSQL Database +Keycloak needs a persistent database to store realms, users, clients, roles, and authentication configuration. + +### Create the Keycloak database and user +Log in to PostgreSQL as the default `postgres` user. + +```bash +sudo -u postgres psql +``` + +Create a database for Keycloak. + +```sql +CREATE DATABASE keycloak; +``` + +Create a PostgreSQL user for Keycloak. + +```sql +CREATE USER keycloakuser WITH PASSWORD 'StrongPassword123!'; +``` + +Grant database access to the Keycloak user. + +```sql +GRANT ALL PRIVILEGES ON DATABASE keycloak TO keycloakuser; +``` + +Connect to Keycloak database: + +```sql +\c keycloak +``` + +Grant schema permissions so Keycloak can create and manage its internal database tables. + +```sql +GRANT ALL ON SCHEMA public TO keycloakuser; +ALTER SCHEMA public OWNER TO keycloakuser; +GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO keycloakuser; +GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO keycloakuser; +``` + +Exit PostgreSQL: + +```sql +\q +``` + +### Download Keycloak +Download the Keycloak release archive, extract it, and move it to /opt/keycloak. + +```bash +cd ~ +wget https://github.com/keycloak/keycloak/releases/download/26.2.5/keycloak-26.2.5.tar.gz +tar -xzf keycloak-26.2.5.tar.gz +sudo mv keycloak-26.2.5 /opt/keycloak +``` + +### Create Keycloak Linux user +Create a dedicated Linux user to run Keycloak securely as a system service. 
+ +```bash +sudo useradd -r -s /bin/false keycloak +sudo chown -R keycloak:keycloak /opt/keycloak +``` + +### Configure Keycloak +Create the Keycloak configuration file and connect it to the PostgreSQL database. + +Replace YOUR_PUBLIC_IP with the public IP address of your Azure VM. + +Create configuration: + +```bash +sudo tee /opt/keycloak/conf/keycloak.conf > /dev/null < /dev/null < Add user +``` + +Create: + +```text +Username: testuser +``` + +Go to: + +```text +Credentials > Set password +``` + +Disable temporary password. + +![Keycloak Create User page showing the configuration of the testuser account inside the demo-realm on the Azure Cobalt 100 Arm64 virtual machine.#center](images/create-user.png "Keycloak user creation page for demo-realm") + +## OAuth2 Login for Flask Application + +This section demonstrates how to use Keycloak as an OAuth2/OpenID Connect provider for a Flask application. + +## Create OpenID Connect Client +Create a Keycloak client for the Flask application. + +Navigate: + +```text +Clients > Create client +``` + +Use: + +```text +Client type: OpenID Connect +Client ID: flask-demo +``` + +Enable: + +```text +Client authentication: Off +Authorization: Off +``` + +Valid redirect URI: + +```text +http://YOUR_PUBLIC_IP:5000/* +``` + +Save the client. + +![Keycloak Create Client page showing the OpenID Connect client configuration for the Flask OAuth2 demo application running on the Azure Cobalt 100 Arm64 virtual machine.#center](images/create-client.png "Keycloak OpenID Connect client configuration for Flask demo application") + +## Create Flask Demo Application +Create a project directory for the Flask OAuth2 application. + +```bash +mkdir ~/flask-keycloak-demo +cd ~/flask-keycloak-demo +``` + +## Create Python virtual environment +Create and activate a Python virtual environment for dependency isolation. 
+ +```bash +python3 -m venv venv +``` + +Activate environment: + +```bash +source venv/bin/activate +``` + +## Install Flask dependencies +Install Flask and OAuth-related Python packages. + +```bash +pip install flask authlib requests +``` + +## Create Flask Application +Create a simple Flask application for testing Keycloak integration. + +```bash +cat > app.py <<'EOF' +from flask import Flask + +app = Flask(__name__) + +@app.route('/') +def home(): + return 'Keycloak OAuth2 Demo Application Running Successfully' + +if __name__ == '__main__': + app.run(host='0.0.0.0', port=5000) +EOF +``` + +## Run Flask Application +Start the Flask application. + +```bash +python app.py +``` + +Open browser: + +```text +http://YOUR_PUBLIC_IP:5000 +``` + +The output is similar to: + +```output +Keycloak OAuth2 Demo Application Running Successfully +``` + +![Flask OAuth2 demo application successfully running and accessible through port 5000 after integration with Keycloak on the Azure Cobalt 100 Arm64 virtual machine.#center](images/keycloak-demo.png "Flask OAuth2 demo application integrated with Keycloak") + +## Useful Commands + +Restart Keycloak: + +```bash +sudo systemctl restart keycloak +``` + +View Keycloak logs: + +```bash +sudo journalctl -u keycloak -f +``` + +Check listening ports: + +``` +sudo ss -tulpn | grep -E '8080|9000|5000' +``` + +## Common Troubleshooting + +**Admin console stuck loading:** + +Recreate temporary directories and restart Keycloak. + +```bash +sudo mkdir -p /opt/keycloak/data/tmp +sudo chown -R keycloak:keycloak /opt/keycloak/data +sudo systemctl restart keycloak +``` + +## HTTPS required issue + +Disable SSL enforcement for the master realm. + +```bash +UPDATE realm +SET ssl_required='NONE' +WHERE name='master'; +``` + +## PostgreSQL schema permission issue + +If logs show: + +```text +permission denied for schema public +``` + +grant schema permissions again. 
+ +## What you've learned + +You now have a Flask application integrated with Keycloak using OAuth2/OpenID Connect authentication.
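Review bot: in the `_index.md` hunk, the learning objectives "Integrate a Flask application with Keycloak authentication" and "Validate OAuth2/OpenID Connect authentication workflows" are not met by the content that follows in this PR: the only Flask code shown (`app.py` in `keycloak_deployment_azure_cobalt100.md`) serves a static string and never performs an OIDC login, and no step exercises a token exchange. Either reword the objectives and the `description` ("secure applications using centralized identity management") to match what the path actually does, or add the login flow to the last file. Also check `subjects: Containers and Virtualization`: nothing in the path uses containers, so a subject closer to web services or identity would help readers find it, if the site taxonomy has one.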
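Review bot: in the `firewall.md` hunk, the table and the closing list open 8080 and 9000 as plain HTTP to the reader's IP; that is fine for a demo, but the Note should state plainly that the admin console (8080) and the management endpoint (9000) must never be widened to `Any`, and that 9000 only needs an inbound rule if health is checked from outside the VM (a `curl` from the VM itself does not need it). Suggest adding one sentence to that Note rather than leaving the reader to infer it from "restricts access to the ports to your current machine only".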
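Review bot: in the `instance.md` hunk, step 11 selects **HTTP (80)** as an inbound port although no service in this learning path listens on port 80 (the later `firewall.md` opens 8080, 9000 and 5000 separately); drop HTTP (80) or say why it is needed. The Note under step 9, "RSA offers better security with keys longer than 3072 bits", is vague as written: say which key size the portal generates, or recommend an Ed25519 key if the portal offers that format.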
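Review bot: in the `keycloak_deployment_azure_cobalt100.md` hunk, the "Configure Keycloak" step is unreadable as committed: the line `sudo tee /opt/keycloak/conf/keycloak.conf > /dev/null < /dev/null < Add user` has no heredoc body, and everything the overview promises between it and the realm steps (bootstrap the admin user, the systemd unit, "Fix common Keycloak 26.x issues", accessing the admin console) is missing; check whether the `<<EOF` block and the sections after it were lost when the file was written, since a raw heredoc with angle brackets is easy to mangle. Further points in the same hunk: the database password `StrongPassword123!` appears literally in `CREATE USER`, so mark it as a placeholder the reader must replace, and because `keycloak.conf` will carry it, follow the `tee` with `sudo chown keycloak:keycloak /opt/keycloak/conf/keycloak.conf` and `sudo chmod 600 /opt/keycloak/conf/keycloak.conf` (a file created by root via `tee` is world-readable by default). The `wget` of `keycloak-26.2.5.tar.gz` is not verified; add a line checking the checksum published with the release before `sudo mv`. Under "HTTPS required issue" the `UPDATE realm SET ssl_required='NONE' WHERE name='master';` block is SQL in a `bash` fence and gives no connection context (`sudo -u postgres psql -d keycloak`); prefer the supported `kcadm.sh update realms/master -s sslRequired=NONE`, or at least fix the fence and state that disabling `sslRequired` is for this demo only. The `flask-demo` client is created with `Client authentication: Off`, which makes it a public client; a server-side Flask app can hold a client secret, so turn it On (or enable PKCE) when the real login flow is added, and note that `app.py` installs `authlib` but never uses it, so "You now have a Flask application integrated with Keycloak" at the end is not yet true. Minor: the `sudo ss -tulpn` block lacks a language tag, and heading levels alternate (`## Verify Java installation` sits between `###` sections).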