Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Keycloak fuer .NET Entwickler

Keycloak fuer .NET Entwickler

52c76fb01bb5d1908f91b0231a44a7b5?s=128

Boris Wilhelms

February 25, 2021
Tweet

Transcript

  1. Keycloak for .NET Developers Boris Wilhelms @boriswilhelms Consultant

  2. Boris Wilhelms • Consultant and Architect at Thinktecture AG •

    Focus on • Identity- & Access-Management solutions • Web-based, cloud nativ application architectures • .NET Core • Email: boris.wilhelms@thinktecture.com • Twitter: @boriswilhelms Keycloak for .NET Developers Who am I?
  3. • What is Keycloak? • Comparison to IdentityServer and Azure

    Active Directory B2C • How to integrate Keycloak • Authorization Keycloak for .NET Developers Agenda
  4. • Open Source Identity and Access Management • Based on

    Java • Ready to run product • Initial (1.0) release in 2014 • Current Version 12.0.3 – February 2021 • Sponsored by RedHat • Paid product with Support RedHat Single-Sign on Keycloak for .NET Developers What is Keycloak?
  5. • Single-Sign On • OpenID Connect, OAuth 2.0, SAML 2.0

    • Identity Brokering (OpenID Connect or SAML) and Social Logins • Two-Factor authentication / WebAuthN • Multiple database support. Oracle, Microsoft SQL Server, MySQL PostgreSQL • LDAP and Active Directory for User Storage • Authentication and authorization • Admin UI & - REST API • User Self-Service Portal Keycloak for .NET Developers Features
  6. Keycloak for .NET Developers Library Product Self hosted SaaS hosted

    IdentityServer Azure AD / B2C Ory Hydra Keycloak OpenIddict
  7. Keycloak for .NET Developers Comparison IdentityServer Keycloak Azure B2C Library

    to implement STS Ready to run IAM product Ready to run SaaS IAM product OpenId Connect / OAuth OpenId Connect / OAuth / SAML / UMA OpenId Connect / OAuth / SAML Client & Token management only User-, Client- & Token management User-, Client- & Token management No user authentication / authorization Authentication & Authorization Authentication & Authorization Most flexible / DIY Extension points are available (Java) Very limited extension points (Webhooks) Self-hosting Self-hosting Microsoft Azure Cloud only With version 5 paid license. Free plans available for Open Source projects & small companies Free & Open Source Paid Product with support via RedHat Single-Sign on Pay per monthly active user
  8. - Keycloak provides “adapters” for Java, JavaScript (Browser), Node.js -

    Use OpenId Connect / OAuth - Use SAML for legacy applications - Keycloak issues Jwt tokens - HTTP calls for authorization using UMA protocol Keycloak for .NET Developers How to integrate Keycloak
  9. ASP.NET Core API: • Use JwtBearer authentication middleware • Custom

    claims transformation for roles • Authorization: Custom code ASP.NET Core MVC Client Application: • Use OpenId Connect authentication middleware • Custom claims transformation for roles • Authorization: Custom code Keycloak for .NET Developers How to integrate Keycloak
  10. Demo Keycloak for .NET Developers

  11. - Authorizations can be managed in Keycloak - Fine grained

    authorization policies - Keycloak supports User Managed Access (UMA) protocol - Resource Owner can manage and control access to resources - Clients can request access - Authorization policies can be managed via - Admin UI - User self service portal - REST API Keycloak for .NET Developers Authorization
  12. Flows Keycloak for .NET Developers Authorization

  13. Demo Keycloak for .NET Developers

  14. Pros • Ready to run product • Full IAM solution

    • Low “time to first token” • Good documentation • Free with optional paid product with support plan available (with Red Har Single Sign-On) • Admin UI / User self service portal Cons • Ready to run product • Limited extension points • Does not support all grant types • Java Stack • Not lightweight Keycloak for .NET Developers Pros & cons
  15. Keycloak for .NET Developers Boris Wilhelms boris.wilhelms@thinktecture.com @boriswilhelms Thank you!

    https://github.com/thinktecture-labs/webinar-keycloak