Keycloak — An alternative solution for Authentication and Authorization

Pravin Lolage
Nov 6, 2019
Authentication & Authorization using Keycloak

Abstract

In today’s applications, we must be able to answer questions like

  • who is the user performing a specific action (authentication)
  • who is allowed to perform which actions (authorization)

Answering these two questions is necessary to secure applications and services. For authentication and authorization there are multiple solutions, including some open-source ones. You can read about one solution using AWS on my blog here.

What is Keycloak?

Keycloak is an open-source solution for managing authentication and authorization. It provides the following features.

Completely Open Source

Keycloak is completely open-source. You just need a server to host it.

Single Sign-On

You can maintain a single session across multiple applications. You might have noticed this with Google Drive and Gmail: if you log out from Gmail, your Drive session is automatically logged out as well.

Standard Protocols

Keycloak supports standard authentication protocols such as

  • OpenID Connect
  • OAuth 2.0
  • SAML 2.0

Centralized Management

Keycloak stores user data centrally, so your applications don’t need to implement user management themselves.

LDAP and Active Directory

You can connect your existing users from LDAP or Active Directory to Keycloak, so that your AD users can log in to applications using their AD credentials.

Social Login

You can easily enable social login like Gmail, Facebook, Twitter, Instagram, Github, etc.

Identity Federation

You can federate identities using OpenID Connect or SAML 2.0 IdPs.

Clustering

You can run Keycloak in a cluster for scalability and high availability.

Themes

You can easily customize Keycloak’s look and feel. For reference, visit here.

Password Policies

Many password policies are supported, such as

  • Digits — a minimum number of digits required
  • Special Characters — a minimum number of special characters required
  • Expire Password — password expires after n days
  • Not Username — password should be different from the username
  • Minimum Length — minimum length of the password
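To make the policies above concrete, here is an added example (not Keycloak’s own code) of how a realm’s password policy can be expressed and checked: a password is evaluated against the five listed rules and the names of the violated rules are returned, and a separate check applies the expiry rule. The policy values and the sample passwords are constructed for illustration.

```python
import re
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List


@dataclass
class PasswordPolicy:
    """Constructed example values; a realm admin sets the real ones in Keycloak."""
    min_length: int = 8          # "Minimum Length"
    digits: int = 1              # "Digits"
    special_chars: int = 1       # "Special Characters"
    expire_days: int = 90        # "Expire Password"
    not_username: bool = True    # "Not Username"


# Anything that is not a letter or digit counts as a special character here.
SPECIAL = re.compile(r"[^A-Za-z0-9]")


def check_password(password: str, username: str, policy: PasswordPolicy) -> List[str]:
    """Return the names of the policies the password violates (empty list = accepted)."""
    failures = []
    if len(password) < policy.min_length:
        failures.append("Minimum Length")
    if sum(c.isdigit() for c in password) < policy.digits:
        failures.append("Digits")
    if len(SPECIAL.findall(password)) < policy.special_chars:
        failures.append("Special Characters")
    if policy.not_username and password.lower() == username.lower():
        failures.append("Not Username")
    return failures


def password_expired(last_changed_iso: str, policy: PasswordPolicy, today_iso: str) -> bool:
    """True when more than expire_days have passed since the password was last set.

    Dates are ISO strings (YYYY-MM-DD) so the check is deterministic and offline.
    """
    last_changed = date.fromisoformat(last_changed_iso)
    today = date.fromisoformat(today_iso)
    return today - last_changed > timedelta(days=policy.expire_days)


if __name__ == "__main__":
    policy = PasswordPolicy()
    print(check_password("alice", "alice", policy))           # every rule fails
    print(check_password("Tr0ub4dor&3xyz", "alice", policy))  # []
    print(password_expired("2019-08-01", policy, "2019-11-06"))  # True, 97 days old
```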

Client Adapters

Keycloak client adapters are libraries that make it very easy to secure applications and services with Keycloak. Keycloak provides adapters for the following platforms:

  • Java
  • JavaScript (Client-Side)
  • NodeJs (Server-Side)
  • C#
  • Python
  • Android & iOS
  • Apache HTTP Server

Installation

We can install the Keycloak server on any server with Java installed, in one of the two ways mentioned below.

  • By downloading the zip archive
  • By using the Docker image

By downloading the zip archive — You can download the Keycloak zip archive from here. Once downloaded, run the standalone.sh file in the bin folder to start the server in standalone mode. For more information, visit here.

By using the Docker image — You can pull the Keycloak image from Docker Hub and run it as a container.

Once the Keycloak server is running, you can open its UI using the following URLs.

  1. Go to http://localhost:8080/auth/ and create the initial admin user.
  2. Go to http://localhost:8080/auth/admin and log in as admin to the admin console.

Thanks for reading!

If you like the above article please clap the same and if you don’t like please put your thoughts in comments so that I can improve it.

You can reach me out on Linkedin, Quora.
