
Keycloak: the Open Source IAM for Modern Applications


Keycloak is an Open-Source Identity and Access Management Solution for modern applications and services. It is designed to secure applications with modern industry standards like OAuth2, OpenID Connect, SAML and WebAuthn on Kubernetes and OpenShift. Keycloak integrates existing security infrastructures like SAML, LDAP and Kerberos, and you can extend it to meet your organization’s needs. In this presentation, we will give attendees an overview of the usage of Keycloak and its benefits.

Alexander Schwartz

April 18, 2023


Transcript

  1. Keycloak: the Open Source Identity and
    Access Management for Modern Applications
    OpenShift Commons @ Kubecon EU Amsterdam | 2023-04-18
    Alexander Schwartz | Principal Software Engineer | Red Hat


  2. Keycloak is an Open Source
    Identity and Access Management Solution
    ● Authenticate and authorize users for applications
    ● Configure interactively or fully automated
    ● Bridge to existing security infrastructures
    ● Extend and customize as needed
    ● Run and scale in cloud and non-cloud environments


  3. Let Keycloak handle AuthZ and AuthN for your apps
    [Diagram labels: Login, Request, Verify token, < Token >, API, Cloud Services]


  4. A typical Keycloak login page…


  5. Optional: Use existing user directories via federation
    LDAP Active Directory User Store
    User Federation


  6. … it can do a lot more …


  7. … and use other providers …


  8. … or skip the form with Kerberos/SPNEGO!
    This page intentionally left blank.


  9. Powerful required actions in the login flow
    ● Configure One Time Passwords
    ● WebAuthn Register
    ● Terms and Conditions
    ● Update Password
    ● Update Profile
    ● Verify Email
    ● …
    … or build your own!


  10. Enable Admins
    Manage Keycloak via web UI,
    REST and CLI


  11. Enable Users
    Manage account details,
    password and second factor.


  12. Enable continuous everything
    ● Export/import of realms
    ● REST API and CLI
    ● Configuration files and CRDs
    apiVersion: k8s.keycloak.org/v2alpha1
    kind: Keycloak
    metadata:
      labels:
        app: keycloak
      name: keycloak
      namespace: ...
    spec:
      hostname:
        hostname: keycloak...
      additionalOptions:
        - name: db
          value: postgres
        - name: db-url
          value: jdbc:postgresql://…
        - name: db-pool-min-size
          value: ...
        - name: db-pool-max-size


  13. Customize to your needs
    From the Server developer guide:
    ● Customize the theme
    ● Configure login flows
    ● Add new required actions
    ● Create event listener
    ● Supply mappers for federations
    ● Connect any custom user storage


  14. Run in cloud and non-cloud environments
    ● Extract archive and run
    ● Use pre-built containers
    ● Customize the Keycloak container with your providers
    ● Use the Keycloak Operator


  15. Keycloak is an Open Source
    Identity and Access Management Solution
    ● Authenticate and authorize users for applications
    ● Configure interactively or fully automated
    ● Bridge to existing security infrastructures
    ● Extend and customize as needed
    ● Run and scale in cloud and non-cloud environments


  16. Links
    ● Keycloak
    https://www.keycloak.org
    ● Getting started on bare metal
    https://www.keycloak.org/getting-started/getting-started-zip
    ● Getting started on OpenShift
    https://www.keycloak.org/getting-started/getting-started-openshift
    ● Keycloak Operator Guides
    https://www.keycloak.org/guides#operator
    ● Server Developer Guide
    https://www.keycloak.org/docs/latest/server_development
