Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Keycloak: the Open Source IAM for Modern Applic...

Alexander Schwartz
April 18, 2023
Technology
0
300

Keycloak: the Open Source IAM for Modern Applications

Keycloak is an Open-Source Identity and Access Management Solution for modern applications and services. It is designed to secure applications with modern industry standards like OAuth2, OpenID Connect, SAML and WebAuthn on Kubernetes and OpenShift. Keycloak integrates existing security infrastructures like SAML, LDAP and Kerberos, and you can extend it to meet your organization’s needs. In this presentation, we will give attendees an overview of the usage of Keycloak and its benefits.

Alexander Schwartz

April 18, 2023
Tweet

More Decks by Alexander Schwartz

See All by Alexander Schwartz
Evolving real-world AsciiDoc into a specification and how it will help the ecosystem
ahus1
1
70
Online-Dokumentation, die hilft: Strukturen, Prozesse, Tools
ahus1
0
88
What’s new in Keycloak, the open source IAM?
ahus1
1
170
Running a highly available Identity and Access Management with Keycloak
ahus1
0
100
Automatisiere deine Prozesse mit GitHub Actions!
ahus1
0
330
Highly available Identity and Access Management with multi-site Keycloak deployments in the cloud
ahus1
0
7.9k
Documentation for users with AsciiDoc and Antora
ahus1
0
500
What's next in Keycloak, the Open Source IAM? (KC24)
ahus1
0
390
Add user self-management, brokerage and federation to your infrastructure with Keycloak
ahus1
0
72

Other Decks in Technology

See All in Technology
Lexical Analysis
shigashiyama
1
150
隣接領域をBeyondするFinatextのエンジニア組織設計 / beyond-engineering-areas
stajima
1
270
サイバーセキュリティと認知バイアス:対策の隙を埋める心理学的アプローチ
shumei_ito
0
380
データプロダクトの定義からはじめる、データコントラクト駆動なデータ基盤
chanyou0311
2
280
rootlessコンテナのすゝめ - 研究室サーバーでもできる安全なコンテナ管理
kitsuya0828
3
380
元旅行会社の情シス部員が教えるおすすめなre:Inventへの行き方 / What is the most efficient way to re:Invent
naospon
2
330
Can We Measure Developer Productivity?
ewolff
1
150
【Pycon mini 東海 2024】Google Colaboratoryで試すVLM
kazuhitotakahashi
2
490
いざ、BSC討伐の旅
nikinusu
2
780
オープンソースAIとは何か? --「オープンソースAIの定義 v1.0」詳細解説
shujisado
4
530
これまでの計測・開発・デプロイ方法全部見せます! / Findy ISUCON 2024-11-14
tohutohu
3
360
TypeScript、上達の瞬間
sadnessojisan
46
13k

Featured

See All Featured
Fashionably flexible responsive web design (full day workshop)
malarkey
405
65k
Keith and Marios Guide to Fast Websites
keithpitt
409
22k
RailsConf 2023
tenderlove
29
900
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
191
16k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
246
1.3M
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
42
9.2k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
109
49k
Producing Creativity
orderedlist
PRO
341
39k
Build The Right Thing And Hit Your Dates
maggiecrowley
33
2.4k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.1k
For a Future-Friendly Web
brad_frost
175
9.4k

Transcript

  1. Keycloak: the Open Source Identity and Access Management for Modern

    Applications OpenShift Commons @ Kubecon EU Amsterdam | 2023-04-18 Alexander Schwartz | Principal Software Engineer | Red Hat

  2. Keycloak is an Open Source Identity and Access Management Solution

    • Authenticate and authorize users for applications • Configure interactively or fully automated • Bridge to existing security infrastructures • Extend and customize as needed • Run and scale in cloud and non-cloud environments

  3. Let Keycloak handle AuthZ and AuthN for your apps Login

    Request Verify token < Token > API Cloud Services

  4. A typical Keycloak login page…

  5. Optional: Use existing user directories via federation LDAP Active Directory

    User Store User Federation

  6. … it can do a lot more …

  7. … and use other providers …

  8. … or skip the form with Kerberos/SNPEGO! This page intentionally

    left blank.

  9. Powerful required actions in the login flow • Configure One

    Time Passwords • WebAuthn Register • Terms and Conditions • Update Password • Update Profile • Verify Email • … … or build your own! …

  10. Enable Admins Manage Keycloak via web UI, REST and CLI

  11. Enable Users Manage account details, password and second factor.

  12. Enable continuous everything • Export/import of realms • REST API

    and CLI • Configuration files and CRDs apiVersion: k8s.keycloak.org/v2alpha1 kind: Keycloak metadata: labels: app: keycloak name: keycloak namespace: ... spec: hostname: hostname: keycloak... additionalOptions: - name: db value: postgres - name: db-url value: jdbc:postgresql://… - name: db-pool-min-size value: ... - name: db-pool-max-size

  13. From the Server developer guide: • Customize the theme •

    Configure login flows • Add new required actions • Create event listener • Supply mappers for federations • Connect any custom user storage Customize to your needs

  14. • Extract archive and run • Use pre-built containers •

    Customize the Keycloak container with your providers • Use the Keycloak Operator Run in cloud and non-cloud environments

  15. Keycloak is an Open Source Identity and Access Management Solution

    • Authenticate and authorize users for applications • Configure interactively or fully automated • Bridge to existing security infrastructures • Extend and customize as needed • Run and scale in cloud and non-cloud environments

  16. • Keycloak https://www.keycloak.org • Getting started on bare metal https://www.keycloak.org/getting-started/getting-started-zip

    • Getting started on OpenShift https://www.keycloak.org/getting-started/getting-started-openshift • Keycloak Operator Guides https://www.keycloak.org/guides#operator • Server Developer Guide https://www.keycloak.org/docs/latest/server_development Links