Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Keycloak: the Open Source IAM for Modern Applications

Alexander Schwartz
April 18, 2023
Technology
0
170

Keycloak: the Open Source IAM for Modern Applications

Keycloak is an Open-Source Identity and Access Management Solution for modern applications and services. It is designed to secure applications with modern industry standards like OAuth2, OpenID Connect, SAML and WebAuthn on Kubernetes and OpenShift. Keycloak integrates existing security infrastructures like SAML, LDAP and Kerberos, and you can extend it to meet your organization’s needs. In this presentation, we will give attendees an overview of the usage of Keycloak and its benefits.

Alexander Schwartz

April 18, 2023
Tweet

More Decks by Alexander Schwartz

See All by Alexander Schwartz
Highly available Identity and Access Management with multi-site Keycloak deployments in the cloud
ahus1
0
11
What's next in Keycloak, the Open Source IAM? (KC24)
ahus1
0
150
Add user self-management, brokerage and federation to your infrastructure with Keycloak
ahus1
0
17
Wie wir unsere Test-Pipeline stabilisierten
ahus1
0
140
10 Years of Keycloak - What's Next for Cloud-Native Authentication and OIDC?
ahus1
0
17
Performance-Engpässe finden mit dem Java-Flight-Recorder
ahus1
1
23
Online-Dokumentation, die hilft
ahus1
0
240
AsciiDoc Deep Dive (Deutsch)
ahus1
0
300
GitHub-APIs: Rezepte für den Entwickler-Alltag
ahus1
0
220

Other Decks in Technology

See All in Technology
開発生産性向上サービスを作るFindyが自分たちで開発生産性を爆上げした組織づくりの歩み / Findy's path to boosting its own development productivity 2024-04-17
ma3tk
3
610
TechFeed Experts Night#27 〜 フロントエンドフレームワーク最前線 (Svelte)
baseballyama
1
230
FrontDoorとWebAppsを組み合わせた際のリダイレクト処理の注意点
kenichirokimura
1
500
複雑な構成要素を持つUIとの向き合い方 〜新・支出グラフでの実例〜 / B43 TECH TALK
nakamuuu
0
140
チームでロジカルシンキングに改めて向き合っている話 〜学習環境と実践⽅法〜
sansantech
PRO
2
1.7k
コンパウンドスタートアップのためのスケーラブルでセキュアなInfrastructure as Codeパイプラインを考える / Scalable and Secure Infrastructure as Code Pipeline for a Compound Startup
yuyatakeyama
4
4.7k
プロデザ! BY リクルート vol.18_リクルートのリサーチ実践組織「リサーチブーストコミュニティ」
recruitengineers
PRO
3
270
GraphQL 成熟度モデルの紹介と、プロダクトに当てはめた事例 / GraphQL maturity model
mh4gf
7
1.3k
エンジニアのキャリアをちょっと楽しくする3本の軸/Three Pillars to Make an Engineer's Career More Enjoyable
kwappa
0
2.6k
継続的な改善 x ⾮連続的な進化
sansantech
PRO
3
140
20240418_Google ColabにLLMが搭載されたようなのでPython x データ分析の勉強方法を考えてみる
doradora09
0
120
生産性向上チームの紹介
cybozuinsideout
PRO
1
860

Featured

See All Featured
The Language of Interfaces
destraynor
151
23k
In The Pink: A Labor of Love
frogandcode
138
21k
Making the Leap to Tech Lead
cromwellryan
124
8.5k
Become a Pro
speakerdeck
PRO
11
4.5k
Facilitating Awesome Meetings
lara
42
5.6k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
187
16k
Building Better People: How to give real-time feedback that sticks.
wjessup
355
18k
How To Stay Up To Date on Web Technology
chriscoyier
782
250k
The MySQL Ecosystem @ GitHub 2015
samlambert
243
12k
Scaling GitHub
holman
457
140k
The Invisible Side of Design
smashingmag
294
49k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
659
120k

Transcript

  1. Keycloak: the Open Source Identity and Access Management for Modern

    Applications OpenShift Commons @ Kubecon EU Amsterdam | 2023-04-18 Alexander Schwartz | Principal Software Engineer | Red Hat

  2. Keycloak is an Open Source Identity and Access Management Solution

    • Authenticate and authorize users for applications • Configure interactively or fully automated • Bridge to existing security infrastructures • Extend and customize as needed • Run and scale in cloud and non-cloud environments

  3. Let Keycloak handle AuthZ and AuthN for your apps Login

    Request Verify token < Token > API Cloud Services

  4. A typical Keycloak login page…

  5. Optional: Use existing user directories via federation LDAP Active Directory

    User Store User Federation

  6. … it can do a lot more …

  7. … and use other providers …

  8. … or skip the form with Kerberos/SNPEGO! This page intentionally

    left blank.

  9. Powerful required actions in the login flow • Configure One

    Time Passwords • WebAuthn Register • Terms and Conditions • Update Password • Update Profile • Verify Email • … … or build your own! …

  10. Enable Admins Manage Keycloak via web UI, REST and CLI

  11. Enable Users Manage account details, password and second factor.

  12. Enable continuous everything • Export/import of realms • REST API

    and CLI • Configuration files and CRDs apiVersion: k8s.keycloak.org/v2alpha1 kind: Keycloak metadata: labels: app: keycloak name: keycloak namespace: ... spec: hostname: hostname: keycloak... additionalOptions: - name: db value: postgres - name: db-url value: jdbc:postgresql://… - name: db-pool-min-size value: ... - name: db-pool-max-size

  13. From the Server developer guide: • Customize the theme •

    Configure login flows • Add new required actions • Create event listener • Supply mappers for federations • Connect any custom user storage Customize to your needs

  14. • Extract archive and run • Use pre-built containers •

    Customize the Keycloak container with your providers • Use the Keycloak Operator Run in cloud and non-cloud environments

  15. Keycloak is an Open Source Identity and Access Management Solution

    • Authenticate and authorize users for applications • Configure interactively or fully automated • Bridge to existing security infrastructures • Extend and customize as needed • Run and scale in cloud and non-cloud environments

  16. • Keycloak https://www.keycloak.org • Getting started on bare metal https://www.keycloak.org/getting-started/getting-started-zip

    • Getting started on OpenShift https://www.keycloak.org/getting-started/getting-started-openshift • Keycloak Operator Guides https://www.keycloak.org/guides#operator • Server Developer Guide https://www.keycloak.org/docs/latest/server_development Links