This talk discusses the capabilities, advantages, and disadvantages of Keycloak and gives a basic understanding of how it can be applied and integrated into various systems.
Speaker - Ihor Didyk, Software Engineer, GlobalLogic.
Confidential
Disclaimer
Everything described here is true and complete to the best of the author's knowledge. All recommendations and inferences are made without guarantee on the part of the author. The author disclaims any liability in connection with the use of this information.
Implementation of Custom Security Layer
1. Authentication for UI
● Manage login/registration forms
● Manage user profiles
2. Authentication for Backend
● Store users, passwords
● Check credentials
● API for token management
3. Put together
● Combine UI and backend together with authentication flows
4. Project Integration
● Integrate this into the project
Reasons to Delegate Your Security
● Stay DRY: Don’t Repeat Yourself
● So you need some ways to protect your data
● You are probably not a security expert
Keycloak Overview
Open-source identity and access management. Features:
● Single sign in: Sign in once to multiple applications
● LDAP and Active Directory: Connect to existing user directories
● Clustering: Optimize scalability and availability
● Standard protocols: OpenID Connect, OAuth 2.0, and SAML 2.0
● Social login: Easily enable social sign in
● Themes: Customize look and feel
● Centralized management: Available both for admins and users
● Identity brokering: OpenID Connect or SAML 2.0 IdPs
● Extensible: Customize through code
● Adapters: Secure applications and services
● High performance: Easy, fast, and scalable
● Password policies: Customize password policies
Reasons to Use Keycloak
Reliable Solution
● Stable release: 19.0.1, July 29, 2022
● Issues board (https://github.com/keycloak/keycloak/issues)
● Documentation (https://www.keycloak.org/documentation.html)
Open Source
● Free product
● Various customizations and contributions
● Open community
Straightforward
● Not reinventing the wheel
● Shared libraries, keys, certificates, and configurations
Launch Keycloak
Launch with JBoss WildFly
1. Download Keycloak from https://www.keycloak.org/downloads.html
2. Use the following command:
keycloak-x.x.x.Final/bin> ./standalone.sh
Launch with Docker
Use the following commands:
1. docker pull jboss/keycloak
2. docker run --rm -d --name keycloak -p 5555:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin jboss/keycloak
Prepare to integrate with Keycloak
[Diagram: applications, Keycloak Adapter, Keycloak]
● Keycloak realm: external-apps
● Client ID: hello-world-app
● Protocol: OpenID Connect/SAML
● Resource Endpoint
● Keycloak Adapter by application type:
○ Mobile App: SDK (Android, iOS)
○ Frontend App: client side (JS)
○ Backend App: server side (Java, Python, Node.js, Ruby, C#, etc.)
Integrate with Keycloak
1. Create a realm
● You can use master for a dev environment or base it on your business domain (for example, external-apps or internal-apps).
2. Create a client
● Create a client for your application (for example, hello-world-app). Client configuration requires the following details:
○ Protocol — SAML or OIDC.
○ Resource endpoint — the application hostname or REST endpoint.
○ Redirect URL — where to redirect the user when authentication is granted.
3. Provide a client configuration
● Provide the client configuration to your application as input, for example:
○ The client ID (hello-world-app).
○ The realm (external-apps).
○ The Keycloak server URL.
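
The client ID, realm, and server URL from step 3, together with the redirect URL from step 2, are enough to start an OpenID Connect login. The following is an added example, not code from the talk or from a Keycloak adapter: it builds the authorization-code request with state and PKCE and validates the redirect back. Assumptions: the /auth path prefix of the WildFly-based jboss/keycloak image, the redirect URL http://localhost:3000/callback used when calling it, and the illustrative names KeycloakClientConfig, build_login_request, and read_callback.

```python
import base64
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from urllib.parse import parse_qs, urlencode, urlsplit


@dataclass(frozen=True)
class KeycloakClientConfig:  # hypothetical name, not a Keycloak adapter class
    server_url: str    # assumed http://localhost:5555/auth for the jboss/keycloak image
    realm: str         # external-apps
    client_id: str     # hello-world-app
    redirect_uri: str  # must equal a redirect URL registered on the client

    def endpoint(self, name: str) -> str:  # /realms/<realm>/protocol/openid-connect/<name>
        base = self.server_url.rstrip("/")
        return f"{base}/realms/{self.realm}/protocol/openid-connect/{name}"


def build_login_request(cfg):
    """Return (authorization URL, state, PKCE verifier) for the code flow."""
    state = secrets.token_urlsafe(16)     # binds the callback to this browser session
    verifier = secrets.token_urlsafe(48)  # 64 chars, sent later with the token request
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    query = urlencode({
        "response_type": "code", "client_id": cfg.client_id,
        "redirect_uri": cfg.redirect_uri, "scope": "openid", "state": state,
        "code_challenge": challenge, "code_challenge_method": "S256",
    })
    return f"{cfg.endpoint('auth')}?{query}", state, verifier


def read_callback(callback_url, cfg, expected_state):
    """Validate the redirect back from Keycloak; return the authorization code."""
    got, want = urlsplit(callback_url), urlsplit(cfg.redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect URL")
    params = parse_qs(got.query)
    if "error" in params:
        raise ValueError(f"authentication failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response is not for this login attempt")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code
```

The verifier returned by build_login_request is sent as code_verifier, together with the code from read_callback, in the token request to cfg.endpoint("token").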