Keycloak for .NET Developers

Boris Wilhelms

February 25, 2021

Transcript

  1. Keycloak for .NET Developers
    Boris Wilhelms
    @boriswilhelms
    Consultant


  2. Who am I?
    Boris Wilhelms
    • Consultant and Architect at Thinktecture AG
    • Focus on
      • Identity & Access Management solutions
      • Web-based, cloud-native application architectures
      • .NET Core
    • Email: [email protected]
    • Twitter: @boriswilhelms

  3. Agenda
    • What is Keycloak?
    • Comparison to IdentityServer and Azure Active Directory B2C
    • How to integrate Keycloak
    • Authorization

  4. What is Keycloak?
    • Open source Identity and Access Management
    • Based on Java
    • Ready-to-run product
    • Initial (1.0) release in 2014
    • Current version: 12.0.3 (February 2021)
    • Sponsored by Red Hat
    • Paid product with support: Red Hat Single Sign-On

  5. Features
    • Single Sign-On
    • OpenID Connect, OAuth 2.0, SAML 2.0
    • Identity brokering (OpenID Connect or SAML) and social logins
    • Two-factor authentication / WebAuthn
    • Multiple database support: Oracle, Microsoft SQL Server, MySQL, PostgreSQL
    • LDAP and Active Directory for user storage
    • Authentication and authorization
    • Admin UI & REST API
    • User self-service portal

  6. [Diagram: IdentityServer, OpenIddict, Ory Hydra, Keycloak and Azure AD / B2C placed on two axes: Library vs. Product, and Self hosted vs. SaaS hosted]

  7. Comparison

    | IdentityServer | Keycloak | Azure B2C |
    | --- | --- | --- |
    | Library to implement STS | Ready to run IAM product | Ready to run SaaS IAM product |
    | OpenID Connect / OAuth | OpenID Connect / OAuth / SAML / UMA | OpenID Connect / OAuth / SAML |
    | Client & Token management only | User-, Client- & Token management | User-, Client- & Token management |
    | No user authentication / authorization | Authentication & Authorization | Authentication & Authorization |
    | Most flexible / DIY | Extension points are available (Java) | Very limited extension points (Webhooks) |
    | Self-hosting | Self-hosting | Microsoft Azure Cloud only |
    | With version 5 paid license. Free plans available for Open Source projects & small companies | Free & Open Source. Paid product with support via Red Hat Single Sign-On | Pay per monthly active user |

  8. How to integrate Keycloak
    - Keycloak provides “adapters” for Java, JavaScript (Browser), Node.js
    - Use OpenID Connect / OAuth
    - Use SAML for legacy applications
    - Keycloak issues JWT tokens
    - HTTP calls for authorization using UMA protocol

  9. How to integrate Keycloak
    ASP.NET Core API:
    • Use JwtBearer authentication middleware
    • Custom claims transformation for roles
    • Authorization: Custom code
    ASP.NET Core MVC Client Application:
    • Use OpenID Connect authentication middleware
    • Custom claims transformation for roles
    • Authorization: Custom code

  10. Demo

  11. Authorization
    - Authorizations can be managed in Keycloak
    - Fine grained authorization policies
    - Keycloak supports User Managed Access (UMA) protocol
    - Resource Owner can manage and control access to resources
    - Clients can request access
    - Authorization policies can be managed via
      - Admin UI
      - User self service portal
      - REST API

  12. Authorization
    Flows

  13. Demo

  14. Pros & cons
    Pros
    • Ready to run product
    • Full IAM solution
    • Low “time to first token”
    • Good documentation
    • Free with optional paid product with support plan available (with Red Hat Single Sign-On)
    • Admin UI / User self service portal
    Cons
    • Ready to run product
    • Limited extension points
    • Does not support all grant types
    • Java Stack
    • Not lightweight

  15. Thank you!
    Boris Wilhelms
    [email protected]
    @boriswilhelms
    https://github.com/thinktecture-labs/webinar-keycloak
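
Slide 9 lists "Custom claims transformation for roles" for both the API and the MVC client. The following is an added example, not code from the talk or its demo repository, showing one way to write that transformation. It assumes the token carries Keycloak's `realm_access.roles` array and that the JWT handler exposes the object as a single JSON-valued claim; the class name is hypothetical.

```csharp
using System.Security.Claims;
using System.Text.Json;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;

// Added example (hypothetical class name): copies Keycloak realm roles into role
// claims so that [Authorize(Roles = "...")] and User.IsInRole() see them.
public sealed class KeycloakRolesClaimsTransformation : IClaimsTransformation
{
    public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        if (!(principal.Identity is ClaimsIdentity identity) || !identity.IsAuthenticated)
            return Task.FromResult(principal);

        // Keycloak token payload: "realm_access": { "roles": ["admin", "user"] }
        // Assumption: the handler surfaces this object as one claim named
        // "realm_access" whose value is the raw JSON text.
        var realmAccess = identity.FindFirst("realm_access")?.Value;
        if (string.IsNullOrEmpty(realmAccess))
            return Task.FromResult(principal);

        try
        {
            using var doc = JsonDocument.Parse(realmAccess);
            if (doc.RootElement.ValueKind == JsonValueKind.Object &&
                doc.RootElement.TryGetProperty("roles", out var roles) &&
                roles.ValueKind == JsonValueKind.Array)
            {
                foreach (var role in roles.EnumerateArray())
                {
                    if (role.ValueKind != JsonValueKind.String) continue;
                    var name = role.GetString();
                    // TransformAsync can run more than once per request: stay idempotent.
                    if (!string.IsNullOrEmpty(name) && !identity.HasClaim(identity.RoleClaimType, name))
                        identity.AddClaim(new Claim(identity.RoleClaimType, name));
                }
            }
        }
        catch (JsonException)
        {
            // Malformed claim value: add no roles, so authorization checks deny.
        }
        return Task.FromResult(principal);
    }
}
// Registration in ConfigureServices:
//   services.AddTransient<IClaimsTransformation, KeycloakRolesClaimsTransformation>();
```

Client-specific roles sit under `resource_access.<client-id>.roles` in the same token and can be mapped the same way.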