Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Keycloak: the Open Source IAM for Modern Applic...

Avatar for Alexander Schwartz Alexander Schwartz
April 18, 2023
Technology
0
440

Keycloak: the Open Source IAM for Modern Applications

Keycloak is an Open-Source Identity and Access Management Solution for modern applications and services. It is designed to secure applications with modern industry standards like OAuth2, OpenID Connect, SAML and WebAuthn on Kubernetes and OpenShift. Keycloak integrates existing security infrastructures like SAML, LDAP and Kerberos, and you can extend it to meet your organization’s needs. In this presentation, we will give attendees an overview of the usage of Keycloak and its benefits.

Avatar for Alexander Schwartz

Alexander Schwartz

April 18, 2023
Tweet

More Decks by Alexander Schwartz

See All by Alexander Schwartz
Translating Keycloak is a collaborative effort
Avatar for Alexander Schwartz ahus1
0
13
Authenticate and authorize users “your way” when they access applications and platforms
Avatar for Alexander Schwartz ahus1
0
97
How to benefit from the latest Keycloak features
Avatar for Alexander Schwartz ahus1
0
240
Evolving real-world AsciiDoc into a specification and how it will help the ecosystem
Avatar for Alexander Schwartz ahus1
1
130
Using DPoP to use access tokens securely in your Single Page Applications
Avatar for Alexander Schwartz ahus1
0
95
Online-Dokumentation, die hilft: Strukturen, Prozesse, Tools
Avatar for Alexander Schwartz ahus1
0
160
What’s new in Keycloak, the open source IAM?
Avatar for Alexander Schwartz ahus1
1
250
Running a highly available Identity and Access Management with Keycloak
Avatar for Alexander Schwartz ahus1
0
160
Automatisiere deine Prozesse mit GitHub Actions!
Avatar for Alexander Schwartz ahus1
0
370

Other Decks in Technology

See All in Technology
LLMの開発と社会実装の今と未来 / AI Builders' Community (ABC) vol.2
Avatar for Preferred Networks pfn
PRO
2
180
木を見て森も見る-モジュールが織りなすプロダクトの森
Avatar for KNOWLEDGE WORK / 株式会社ナレッジワーク kworkdev
PRO
0
250
Part1 GitHubってなんだろう?その2
Avatar for tomokusaba tomokusaba
2
820
ソフトウェアテスト 最初の一歩 〜テスト設計技法をワークで体験しながら学ぶ〜 #JaSSTTokyo / SoftwareTestingFirstStep
Avatar for nihonbuson nihonbuson
PRO
2
200
時間がないなら、つくればいい 〜数十人規模のチームが自律性を発揮するために試しているいくつかのこと〜
Avatar for KAKEHASHI kakehashi
PRO
24
5.9k
計測による継続的なCI/CDの改善
Avatar for SansanTech sansantech
PRO
7
1.8k
Amplifyとゼロからはじめた AIコーディング。失敗と気づき
Avatar for k.masachika mkdev10
1
160
問 1:以下のコンパイラを証明せよ(予告編) #kernelvm / Kernel VM Study Kansai 11th
Avatar for y_taka_23 ytaka23
3
610
既存の開発資産を活かしながら、 《新規開発コスト抑制》と《開発体験向上》 を両立する拡張アーキテクチャ事例
Avatar for kubell kubell_hr
0
250
Docker Compose で手軽に手元環境を実現する / Simplifying Local Environments with Docker Compose #CinemaDeLT
Avatar for nabeo nabeo
0
240
ユーザーコミュニティが海外スタートアップのDevRelを補完する瞬間
Avatar for M Yano nagauta
1
200
CARTA HOLDINGS エンジニア向け 採用ピッチ資料 / CARTA-GUIDE-for-Engineers
Avatar for CARTA Engineering carta_engineering
0
27k

Featured

See All Featured
VelocityConf: Rendering Performance Case Studies
Avatar for Addy Osmani addyosmani
329
24k
Save Time (by Creating Custom Rails Generators)
Avatar for Garrett Dimon garrettdimon
PRO
31
1.2k
Build your cross-platform service in a week with App Engine
Avatar for Jose L jlugia
231
18k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
Avatar for Kevin Liebholz kevinliebholz
32
5.8k
StorybookのUI Testing Handbookを読んだ
Avatar for Shingo Yamazaki zakiyama
30
5.7k
The Art of Programming - Codeland 2020
Avatar for Erika Heidi erikaheidi
54
13k
Making the Leap to Tech Lead
Avatar for Ryan Cromwell cromwellryan
133
9.3k
Java REST API Framework Comparison - PWX 2021
Avatar for Matt Raible mraible
31
8.6k
BBQ
Avatar for Matthew Crist matthewcrist
88
9.6k
Side Projects
Avatar for Sacha Greif sachag
453
42k
CSS Pre-Processors: Stylus, Less & Sass
Avatar for Bermon Painter bermonpainter
357
30k
Performance Is Good for Brains [We Love Speed 2024]
Avatar for Tammy Everts tammyeverts
10
800

Transcript

  1. Keycloak: the Open Source Identity and Access Management for Modern

    Applications OpenShift Commons @ Kubecon EU Amsterdam | 2023-04-18 Alexander Schwartz | Principal Software Engineer | Red Hat

  2. Keycloak is an Open Source Identity and Access Management Solution

    • Authenticate and authorize users for applications • Configure interactively or fully automated • Bridge to existing security infrastructures • Extend and customize as needed • Run and scale in cloud and non-cloud environments

  3. Let Keycloak handle AuthZ and AuthN for your apps Login

    Request Verify token < Token > API Cloud Services

  4. A typical Keycloak login page…

  5. Optional: Use existing user directories via federation LDAP Active Directory

    User Store User Federation

  6. … it can do a lot more …

  7. … and use other providers …

  8. … or skip the form with Kerberos/SNPEGO! This page intentionally

    left blank.

  9. Powerful required actions in the login flow • Configure One

    Time Passwords • WebAuthn Register • Terms and Conditions • Update Password • Update Profile • Verify Email • … … or build your own! …

  10. Enable Admins Manage Keycloak via web UI, REST and CLI

  11. Enable Users Manage account details, password and second factor.

  12. Enable continuous everything • Export/import of realms • REST API

    and CLI • Configuration files and CRDs apiVersion: k8s.keycloak.org/v2alpha1 kind: Keycloak metadata: labels: app: keycloak name: keycloak namespace: ... spec: hostname: hostname: keycloak... additionalOptions: - name: db value: postgres - name: db-url value: jdbc:postgresql://… - name: db-pool-min-size value: ... - name: db-pool-max-size

  13. From the Server developer guide: • Customize the theme •

    Configure login flows • Add new required actions • Create event listener • Supply mappers for federations • Connect any custom user storage Customize to your needs

  14. • Extract archive and run • Use pre-built containers •

    Customize the Keycloak container with your providers • Use the Keycloak Operator Run in cloud and non-cloud environments

  15. Keycloak is an Open Source Identity and Access Management Solution

    • Authenticate and authorize users for applications • Configure interactively or fully automated • Bridge to existing security infrastructures • Extend and customize as needed • Run and scale in cloud and non-cloud environments

  16. • Keycloak https://www.keycloak.org • Getting started on bare metal https://www.keycloak.org/getting-started/getting-started-zip

    • Getting started on OpenShift https://www.keycloak.org/getting-started/getting-started-openshift • Keycloak Operator Guides https://www.keycloak.org/guides#operator • Server Developer Guide https://www.keycloak.org/docs/latest/server_development Links