“How to Secure Your Applications With a Keycloak?
•
1 like•498 views
Discussed the capabilities, advantages and disadvantages of Keycloak, made a basic understanding of how it can be applied and integrated into various systems. Speaker - Ihor Didyk, Software Engineer, GlobalLogic.
Report
Share
More Related Content
What's hot
What's hot (20)
Similar to “How to Secure Your Applications With a Keycloak?
Similar to “How to Secure Your Applications With a Keycloak? (20)
More from GlobalLogic Ukraine
More from GlobalLogic Ukraine (20)
Recently uploaded
Recently uploaded (20)
“How to Secure Your Applications With a Keycloak?
- 1. 1 Confidential Keycloak as Big Brother or How to Secure Your Applications? Ihor Didyk Software Engineer at GlobalLogic Aug, 2022
- 3. 3 Confidential 3 Disclaimer Everything described there is true and complete to the best of author's knowledge. All recommendations and inferences are made without guarantee of the part of the author. The author disclaims any liability in connection with the use of this information.
- 5. 5 Confidential 5 IAAA Security Principle Identification Email, username, ID number Authorization Access permissions Authentication Password, token, signature Accountability Logs, user actions, traceability of actions
- 6. 6 Confidential 6 Implementation of Custom Security Layer ● Manage login/registration forms ● Manage user profiles ● Store users, passwords ● Check credentials ● API for token management Authentication for Backend ● Integrate this into the project ● Combine UI and backend together with authentication flows Authentication for UI 1 Put together 3 Project Integration 4 2
- 7. 7 Confidential 7 Simple Projects Structure DB Black box UI Project 1 DB Black box UI Project 2
- 8. 8 Confidential 8 Reasons to Delegate Your Security Stay DRY Don’t Repeat Yourself So you need some ways to protect your data You are probably not a security expert
- 10. 10 Confidential 10 Keycloak Overview Open-source identity and access management. Features: Single sign in LDAP and Active Directory Clustering Standard protocols Social login Themes Centralized management Identity brokering Extensible Adapters High performance Password policies Sign in once to multiple applications Connect to existing user directories Optimize scalability and availability OpenID Connect, OAuth 2.0, and SAML 2.0 Easily enable social sign in Customize look and feeling Available both for admins and users OpenID Connect or SAML 2.0 IdPs Customize through code Customize password policies Easy, fast, and scalable Secure applications and services
- 11. 11 Confidential 11 Core Concepts Keycloak Users UI (Themes) User Federation Realm: Master Roles Groups Events Roles Security Defenses Clients GitHub, Twitter, Google, Facebook, etc. OpenID Connect SAML Identity Provider
- 12. 12 Confidential 12 Reasons to Use Keycloak Reliable Solution ● Stable release: 19.0.1 July 29, 2022 ● Issues board (https://github.com/keycloak/k eycloak/issues) ● Documentation (https://www.keycloak.org/doc umentation.html) Open Source ● Free product ● Various customizations and contributions ● Open community Straightforward ● Not reinventing the wheel ● Shared libraries, keys, certificates, and configurations
- 13. 13 Confidential 13 Launch Keycloak Launch with JBoss WildFly Launch with Docker 1. Download Keycloak from https://www.keycloak.org/downloads.html 2. Use the following command: keycloak-x.x.x.Final/bin>./stand alone.sh Use the following commands: 1. docker pull jboss/keycloak 2. docker run --rm -d --name keycloak -p 5555:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin jboss/keycloak
- 14. 14 Confidential 14 Prepare to integrate with Keycloak Realm: external-apps Keycloak Client ID: hello-world-app OpenID Connect/SAML Resource Endpoint Keycloak Adapter Mobile App Frontend App Backend App SDK: Android, iOS Client side: JS Server side: Java, Python, Node.js, Ruby, C#, etc.
- 15. 15 Confidential 15 Integrate with Keycloak Provide a client configuration 3 Create a client 2 Create a realm 1 ● You can use master for a dev environment or base it into your business domain (for example, external-appsor internal-apps). ● Create a client for your application (for example, hello-world-app). Client configuration requires the following details: ○ Protocol — SAML or OIDC). ○ Resource endpoint — the application hostname or REST endpoint. ○ Redirect URL — where to redirect the user when authentication is granted. ● Provide the client configuration to your application as input, for example: ○ The client ID (hello-world-app). ○ The realm (external-apps). ○ The Keycloak server URL.