Keycloak — An alternative solution for Authentication and Authorization
Abstract
In today’s applications, we must be able to answer questions like
- who is the user performing specific actions
- who should access what actions
Answering these two questions (authentication and authorization) is what secures applications and services. There are multiple solutions for this, including open-source ones. You can read about one solution using AWS on my blog here.
What is Keycloak?
Keycloak is an open-source solution for managing authentication and authorization. It provides the following features.
Completely Open Source
Keycloak is completely open-source. You just need a server to host it.
Single Sign-On
You can maintain a single session across multiple applications. You may have noticed this with Google Drive and Gmail: if you log out of Gmail, your Drive session is automatically logged out as well.
Standard Protocols
Keycloak supports auth protocols like
- OpenID Connect
- OAuth 2.0
- SAML 2.0
Centralized Management
Keycloak stores user data centrally, so you don’t need to worry about user management.
LDAP and Active Directory
You can connect your existing users from your Active Directory to Keycloak so that your AD users can log in to applications using their AD credentials.
Social Login
You can easily enable social login with providers like Gmail, Facebook, Twitter, Instagram, GitHub, etc.
Identity Federation
You can federate identities using OpenID Connect or SAML 2.0 IdPs.
Clustering
You can run Keycloak in the cluster for scalability and high availability.
Themes
You can easily customize Keycloak’s look and feel. For reference visit here.
Password Policies
Many password policies are supported, like
- Digits — a minimum number of digits required
- Special Characters — a minimum number of special characters required
- Expire Password — password expires after n days
- Not Username — password should be different from the username
- Minimum Length — minimum length of the password
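To make the listed policies concrete, here is an added reference checker for them. It is example code written for this post, not Keycloak’s own implementation (Keycloak enforces these policies server-side in the realm settings); the policy names, the default thresholds and the case-insensitive "Not Username" comparison are choices made for the example.

```python
from dataclasses import dataclass
from datetime import date, timedelta
import string

# Added example, not Keycloak code: thresholds below are assumed defaults.
@dataclass
class PasswordPolicy:
    min_digits: int = 1        # "Digits": minimum number of digits
    min_special: int = 1       # "Special Characters": minimum number of specials
    expire_days: int = 90      # "Expire Password": password expires after n days
    not_username: bool = True  # "Not Username": must differ from the username
    min_length: int = 8        # "Minimum Length": minimum length of the password

SPECIALS = set(string.punctuation)  # assumed definition of a special character


def check_password(policy: PasswordPolicy, username: str, password: str) -> list:
    """Return the names of violated policies; an empty list means accepted."""
    violations = []
    if len(password) < policy.min_length:
        violations.append("Minimum Length")
    if sum(c.isdigit() for c in password) < policy.min_digits:
        violations.append("Digits")
    if sum(c in SPECIALS for c in password) < policy.min_special:
        violations.append("Special Characters")
    # Compared case-insensitively here so "Alice" is rejected for user "alice".
    if policy.not_username and password.lower() == username.lower():
        violations.append("Not Username")
    return violations


def password_expired(policy: PasswordPolicy, last_changed: date, today: date = None) -> bool:
    """True once more than expire_days have passed since the last change."""
    today = today or date.today()
    return today - last_changed > timedelta(days=policy.expire_days)


if __name__ == "__main__":
    policy = PasswordPolicy()
    # Constructed sample inputs for a user named "alice".
    print(check_password(policy, "alice", "alice"))        # several violations
    print(check_password(policy, "alice", "Tr0ub4dor&3"))  # []
    print(password_expired(policy, date(2024, 1, 1), today=date(2024, 4, 1)))
```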
Client Adapters
Keycloak client adapters are libraries that make it easy to secure applications and services with Keycloak. The following adapters are supported.
- Java
- JavaScript (Client-Side)
- Node.js (Server-Side)
- C#
- Python
- Android & iOS
- Apache HTTP Server
Installation
We can install the Keycloak server on any server with Java installed, in either of the two ways mentioned below.
- By downloading the Zip folder
- By Docker image
By downloading the Zip folder — You can download the Keycloak zip archive from here. Once downloaded, run the standalone.sh script in the bin folder to start the server in standalone mode. For more information visit here.
By Docker image — You can pull the Keycloak image from Docker Hub.
Once the Keycloak server is running, you can open its UI using the following URLs.
- Go to http://localhost:8080/auth/ and create the initial admin user.
- Go to http://localhost:8080/auth/admin and log in as that admin user to the admin console.