Add user self-management, brokerage and federation to your infrastructure with Keycloak

Once an organization has rolled out single-sign-on, some of the next challenges are enabling user self-management, integrating the user base of other organizations, and using social logins.

Keycloak is an Open Source Identity and Access Management (IAM) solution that is well known for its single-sign-on capabilities based on OpenID Connect and SAML. Among other features, it also provides identity brokerage, federation, and user self-management. With the latest additions around dynamic user profiles, this is getting even more powerful.

This talk demos Keycloak's features and shows how it hides the configuration and complexity of these integrations from the client applications, which only need to support either OpenID Connect or SAML.

Keycloak homepage: https://www.keycloak.org/

Alexander Schwartz

February 04, 2024

Transcript

  1. Add user self-management, brokerage and federation to your infrastructure with Keycloak
     Alexander Schwartz | Principal Software Engineer | Red Hat Identity and Access Management devroom | FOSDEM | 2024-02-04
  2. Day 1: Single-Sign-On is cool!
     Day 2: Become flexible in your setup
     Day 3: Eliminate daily churn
  3. Day 1: Single-Sign-On is cool!
     • Users need to remember only one password
     • Authenticate only once per day
     • Add second factor for authentication for security
     • Theme the frontend to match your needs
     Makes sense already for a single application!
  4. Let Keycloak handle AuthZ and AuthN for your apps
     (Diagram: Login Request Verify token <Token> API Cloud Services)
  5. Day 2: Become flexible in your setup
     • Integrate LDAP and Kerberos
     • Brokerage to existing SAML services
     • Brokerage to existing OIDC services
     • Integrate existing custom stores
     • SCIM integration
     Reuse existing user stores!
  6. Day 3: Eliminate daily churn
     • User required actions
     • User password recovery (even when using LDAP)
     • Self-registration for users
     • User data self-management
     Resolve the need for calls and tickets!
  7. Day 1: Single-Sign-On is cool!
     Day 2: Become flexible in your setup
     Day 3: Eliminate daily churn
  8. Links
     • Keycloak https://www.keycloak.org/
     • Keycloak Nightly Release https://github.com/keycloak/keycloak/releases/tag/nightly
     • Keycloak Book 2nd Edition https://www.packtpub.com/product/kc/9781804616444
     • Keycloak Hour of Code https://www.meetup.com/keycloak-hour-of-code/