Keycloak fuer .NET Entwickler

Transcript

1. Keycloak for .NET Developers Boris Wilhelms @boriswilhelms Consultant

2. Boris Wilhelms • Consultant and Architect at Thinktecture AG •

   Focus on • Identity- & Access-Management solutions • Web-based, cloud nativ application architectures • .NET Core • Email: [email protected] • Twitter: @boriswilhelms Keycloak for .NET Developers Who am I?

3. • What is Keycloak? • Comparison to IdentityServer and Azure

   Active Directory B2C • How to integrate Keycloak • Authorization Keycloak for .NET Developers Agenda

4. • Open Source Identity and Access Management • Based on

   Java • Ready to run product • Initial (1.0) release in 2014 • Current Version 12.0.3 – February 2021 • Sponsored by RedHat • Paid product with Support RedHat Single-Sign on Keycloak for .NET Developers What is Keycloak?

5. • Single-Sign On • OpenID Connect, OAuth 2.0, SAML 2.0

   • Identity Brokering (OpenID Connect or SAML) and Social Logins • Two-Factor authentication / WebAuthN • Multiple database support. Oracle, Microsoft SQL Server, MySQL PostgreSQL • LDAP and Active Directory for User Storage • Authentication and authorization • Admin UI & - REST API • User Self-Service Portal Keycloak for .NET Developers Features

6. Keycloak for .NET Developers Library Product Self hosted SaaS hosted

   IdentityServer Azure AD / B2C Ory Hydra Keycloak OpenIddict

7. Keycloak for .NET Developers Comparison IdentityServer Keycloak Azure B2C Library

   to implement STS Ready to run IAM product Ready to run SaaS IAM product OpenId Connect / OAuth OpenId Connect / OAuth / SAML / UMA OpenId Connect / OAuth / SAML Client & Token management only User-, Client- & Token management User-, Client- & Token management No user authentication / authorization Authentication & Authorization Authentication & Authorization Most flexible / DIY Extension points are available (Java) Very limited extension points (Webhooks) Self-hosting Self-hosting Microsoft Azure Cloud only With version 5 paid license. Free plans available for Open Source projects & small companies Free & Open Source Paid Product with support via RedHat Single-Sign on Pay per monthly active user

8. - Keycloak provides “adapters” for Java, JavaScript (Browser), Node.js -

   Use OpenId Connect / OAuth - Use SAML for legacy applications - Keycloak issues Jwt tokens - HTTP calls for authorization using UMA protocol Keycloak for .NET Developers How to integrate Keycloak

9. ASP.NET Core API: • Use JwtBearer authentication middleware • Custom

   claims transformation for roles • Authorization: Custom code ASP.NET Core MVC Client Application: • Use OpenId Connect authentication middleware • Custom claims transformation for roles • Authorization: Custom code Keycloak for .NET Developers How to integrate Keycloak

10. Demo Keycloak for .NET Developers

11. - Authorizations can be managed in Keycloak - Fine grained

    authorization policies - Keycloak supports User Managed Access (UMA) protocol - Resource Owner can manage and control access to resources - Clients can request access - Authorization policies can be managed via - Admin UI - User self service portal - REST API Keycloak for .NET Developers Authorization

12. Flows Keycloak for .NET Developers Authorization

13. Demo Keycloak for .NET Developers

14. Pros • Ready to run product • Full IAM solution

    • Low “time to first token” • Good documentation • Free with optional paid product with support plan available (with Red Har Single Sign-On) • Admin UI / User self service portal Cons • Ready to run product • Limited extension points • Does not support all grant types • Java Stack • Not lightweight Keycloak for .NET Developers Pros & cons

15. Keycloak for .NET Developers Boris Wilhelms [email protected] @boriswilhelms Thank you!

    https://github.com/thinktecture-labs/webinar-keycloak