While Keycloak is free, the time it takes to implement a solution is not. And that can be considerable if you want a production ready deployment that's highly available, monitored, and well-understood by whoever is supporting it. And hosting has a cost (instance + dB for a simple low-traffic "dev" setup, but for HA and redundancy you have more work to do).

For some companies the choice is simple: a 3rd party service is quicker, easier and while it's expensive over years, the monthly cost is doable. But we're using it because we have an investor who pays for hiring and AWS, but nothing else. Have you tried using AWS Cognito? Full body shudder. It's simple until it's not.

Keycloak has a learning curve but at least it makes sense. It took me a while but I'm at the point where the entire thing is automatic using terraform and helm, from deployment, & configuration to theme and full "IAM" stuff (users, roles, clients, IDPs etc). It took a while but since I was getting paid and we had no way to simply pay for a quick alternative, I just crunched through it. That model doesn't suit every company though.

Finally, I'll add that AFTER getting Keycloak fully set up, hooking the product into it looked pretty much like the "one step forward, two steps back" that the original post chronicled as he implemented SSO.