Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Add user self-management, brokerage and federation to your infrastructure with Keycloak

Alexander Schwartz
February 04, 2024
Technology
0
17

Add user self-management, brokerage and federation to your infrastructure with Keycloak

Once an organization has rolled out single-sign-on, some of the next challenges are how to enable user self-management, integrating the user base of other organizations, and using social logins.

Keycloak is an Open Source Identity and Access Management (IAM) solution that is well-known for its single-sign-on capabilities based on OpenID Connect and SAML. It also provides among other features like identity brokerage, federation, and user self-management. With the latest additions around dynamic user profiles, this is getting even more powerful.

This talk demos Keycloak's features and shows how it hides the configuration and complexity of these integrations from the client applications which only need to support either OpenID Connect or SAML.

Keycloak homepage: https://www.keycloak.org/

Alexander Schwartz

February 04, 2024
Tweet

More Decks by Alexander Schwartz

See All by Alexander Schwartz
Highly available Identity and Access Management with multi-site Keycloak deployments in the cloud
ahus1
0
11
What's next in Keycloak, the Open Source IAM? (KC24)
ahus1
0
150
Wie wir unsere Test-Pipeline stabilisierten
ahus1
0
140
10 Years of Keycloak - What's Next for Cloud-Native Authentication and OIDC?
ahus1
0
17
Performance-Engpässe finden mit dem Java-Flight-Recorder
ahus1
1
24
Online-Dokumentation, die hilft
ahus1
0
240
AsciiDoc Deep Dive (Deutsch)
ahus1
0
300
Keycloak: the Open Source IAM for Modern Applications
ahus1
0
170
GitHub-APIs: Rezepte für den Entwickler-Alltag
ahus1
0
220

Other Decks in Technology

See All in Technology
Python と Snowflake はズッ友だょ!~ Snowflake の Python 関連機能をふりかえる ~
__allllllllez__
1
120
Kernel MemoryでAzure OpenAI Serviceとお手軽データソース連携
mitsuzono
1
260
ChatworkのSRE部って実は 半分くらいPlatform Engineering部かもしれない
saramune
0
160
アクセス制御にまつわる改善 / Improving access control
itkq
0
550
TechFeed Experts Night#27 〜 フロントエンドフレームワーク最前線 (Svelte)
baseballyama
1
540
今日からできる!簡単 .NET 高速化 Tips -2024 edition-
xin9le
2
310
KubeCon EU 2024 Recap “Kubernetes Policy Time Machine: Where to Next?”
ryysud
0
220
20240418_Google ColabにLLMが搭載されたようなのでPython x データ分析の勉強方法を考えてみる
doradora09
0
140
競技としてのKaggle、役に立つKaggle
yu4u
4
2k
Google Cloud Next '24でブログを10本書いた方法と勉強会を沸かせた方法
yasumuusan
0
310
本当のAWS基礎
toru_kubota
0
530
Google Cloud の AI を支える裏側のインフラを垣間見る!
maroon1st
0
360

Featured

See All Featured
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
60
14k
Adopting Sorbet at Scale
ufuk
68
8.6k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
25
2.3k
Learning to Love Humans: Emotional Interface Design
aarron
267
39k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
2
3.4k
Building Effective Engineering Teams - LeadDev
addyosmani
28
1.8k
Producing Creativity
orderedlist
PRO
337
39k
Six Lessons from altMBA
skipperchong
21
3k
[RailsConf 2023] Rails as a piece of cake
palkan
23
4k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
21
1.6k
The Mythical Team-Month
searls
216
42k
Build your cross-platform service in a week with App Engine
jlugia
225
17k

Transcript

  1. Add user self-management, brokerage and federation to your infrastructure with

    Keycloak Alexander Schwartz | Principal Software Engineer | Red Hat Identity and Access Management devroom | FOSDEM | 2024-02-04

  2. Day 1: Single-Sign-On is cool! Day 2: Become flexible in

    your setup Day 3: Eliminate daily churn

  3. Day 1: Single-Sign-On is cool! • Users need to remember

    only one password • Authenticate only once per day • Add second factor for authentication for security • Theme the frontend to match your needs Makes sense already for a single application!

  4. Let Keycloak handle AuthZ and AuthN for your apps Login

    Request Verify token < Token > API Cloud Services

  5. Let’s do a demo of Keycloak!

  6. Day 2: Become flexible in your setup • Integrate LDAP

    and Kerberos • Brokerage to existing SAML services • Brokerage to existing OIDC services • Integrate existing custom stores • SCIM integration Reuse existing user stores!

  7. Brokerage to existing services Identity Brokering OpenID Connect SAML v2

    Kerberos

  8. Skip the form with Kerberos/SNPEGO! This page intentionally left blank.

  9. Use social logins to authenticate Social

  10. Use existing user directories via federation OpenLDAP Active Directory User

    Store User Federation

  11. Day 3: Eliminate daily churn • User required actions •

    User password recovery (even when using LDAP) • Self-registration for users • User data self-management Resolve the need for calls and tickets!

  12. Required actions (there’s a lot to choose from!)

  13. Password recovery and self-registration

  14. Declarative User Profile configuration

  15. User Profile for admins, registration, and users

  16. Day 1: Single-Sign-On is cool! Day 2: Become flexible in

    your setup Day 3: Eliminate daily churn

  17. • Keycloak https://www.keycloak.org/ • Keycloak Nightly Release https://github.com/keycloak/keycloak/releases/tag/nightly • Keycloak

    Book 2nd Edition https://www.packtpub.com/product/kc/9781804616444 • Keycloak Hour of Code https://www.meetup.com/keycloak-hour-of-code/ Links

  18. Contact Alexander Schwartz Principal Software Engineer [email protected] https://www.ahus1.de @ahus1de @[email protected]