Published in Keycloak

Keycloak Essentials

Open Source Identity Solution for Applications, Services, and APIs

In this post, we will look at the core concepts of Keycloak and its application integration mechanisms. You can integrate frontend, mobile, and monolithic applications as well as microservice architectures. It lets you export and import configuration easily and gives a single view to manage everything.

Why should I use Keycloak?

  • Reliable Solution

“Red Hat running on Red Hat products (Red Hat SSO)”: the entire authentication/authorization system is based on Red Hat SSO, which is the downstream version of the upstream product Keycloak. It is designed following standard security protocols to provide a dynamic single sign-on solution for small and large scale industry.

  • Open Source (3C’s) : Cost, Customizable / Contributions, Community

Apache License Version 2.0, with the support of a strong, active open source community.

Is it ready for production?

Yes, it can be used in production (make sure to read the documentation guide).

Standard Protocols (supported by Keycloak)

  • OpenID Connect
  • OAuth 2.0
  • SAML 2.0

Applications/tools that support integration with the above protocols can be plugged into Keycloak.

E.g. Ansible Tower can be integrated with Keycloak, or SAP BusinessIntelligence BI Platform via SAML with Keycloak, etc.

A few things to clear up:

OAuth 2 != Authentication, only Authorization

OpenID Connect = Identity + Authentication + Authorization

Getting it up and running is easy:

Docker:

docker pull jboss/keycloak
docker run -d -e KEYCLOAK_USER=<USERNAME> -e KEYCLOAK_PASSWORD=<PASSWORD> -p 8081:8080 jboss/keycloak

Remember that your configuration is temporary in this scenario. Make sure to export it.

Standalone (https://www.keycloak.org/downloads.html), similar to running a JBoss/WildFly instance:

keycloak-4.4.0.Final/bin>./standalone.sh

Core

A realm is like a namespace that lets you manage an entire set of metadata/configuration. You can have multiple realms based on your requirements. It is recommended to avoid using the master realm, which is meant for administration purposes only.

It provides various features in a single view:

  • User Management (User/Groups)
  • LDAP/Active Directory Integration
  • Configuration management.
  • Custom theme (UI)
  • Events
  • Federation
  • Clients (per application, you can have one client which holds details like URL, protocol, redirect URL)

App/Tools/Services Integration

Before jumping into the integration, decide on the following things:

  • Decide the protocol (SAML/OpenID Connect/OAuth 2): are you looking for authentication or authorization?
  • For the application part:
      • Is it running in a container (stateless) or in a legacy clustered (shared state) environment?
      • Type of your architecture: Single page applications (SPA), Microservices, Serverless, MVC, etc.
  • Identify the resources/endpoints you want to secure: is it the integration between client-server, service-to-service, API endpoints, etc.?
  • Identify which adapter is suited to your architecture.

Steps to Integrate:

  • Create a Realm (you can use master for a dev environment; otherwise have a realm based on your domain name, e.g. external-apps, internal-apps, etc.)
  • Create a Client for your application (hello-world-app)
  • Client configuration requires details like Protocol: SAML/OpenID, Resource Endpoint: https://localhost:8080/ (your application host details), Redirect URI: where you want to redirect after the auth completes.
  • Add client configuration to your application: clientId: hello-world-app, realm: external-apps, Keycloak host URL, etc.

That’s all you need to configure your application with Keycloak.
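As an added example (not code from the original post or from the Keycloak project), this is what an application does with those client settings in an OpenID Connect authorization code flow: it builds the login redirect for the realm, then checks the callback before using the code. The `/callback` path, the `/auth` base path, the config key names and the function names are assumptions for illustration.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Client settings from the steps above. Host/port follows the docker run port
# mapping (-p 8081:8080); the /auth base path and /callback path are assumptions.
CONFIG = {
    "auth-server-url": "http://localhost:8081/auth",
    "realm": "external-apps",
    "client-id": "hello-world-app",
    "redirect-uri": "https://localhost:8080/callback",
}

def authorization_endpoint(cfg):
    # Each realm exposes its own OpenID Connect endpoints.
    base = cfg["auth-server-url"].rstrip("/")
    return f"{base}/realms/{cfg['realm']}/protocol/openid-connect/auth"

def build_login_redirect(cfg):
    """Return (url, state, nonce); keep state and nonce in the user's session."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    params = {
        "client_id": cfg["client-id"],
        "redirect_uri": cfg["redirect-uri"],
        "response_type": "code",
        "scope": "openid",  # this scope makes it OpenID Connect, not bare OAuth 2
        "state": state,     # ties the callback to this browser session (CSRF defence)
        "nonce": nonce,     # must later match the nonce claim in the ID token
    }
    return f"{authorization_endpoint(cfg)}?{urlencode(params)}", state, nonce

def handle_callback(cfg, callback_url, expected_state):
    """Return the authorization code, or raise ValueError for an untrusted callback."""
    got, want = urlparse(callback_url), urlparse(cfg["redirect-uri"])
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect URI")
    query = parse_qs(got.query)
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    state = query.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "code" not in query:
        raise ValueError("no authorization code in callback")
    return query["code"][0]  # next step: exchange it at the realm's token endpoint

if __name__ == "__main__":
    url, state, _ = build_login_redirect(CONFIG)
    print(url)
    # Constructed callback, standing in for the browser redirect from Keycloak.
    print(handle_callback(CONFIG, f"{CONFIG['redirect-uri']}?code=constructed-code&state={state}", state))
```

The redirect URI sent here has to match the one registered on the client in the realm, so keep that registration as narrow as the application allows.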

Thank you for reading this post, I will be adding integration patterns with various frameworks & platforms in the upcoming post.

Keycloak Integrations with:

If you like this post, give a Cheer!!!

Follow the Collection: Keycloak for learning more…

Happy Secure Coding ❤

Abhishek koserwal
