Keycloak for .NET Developers

Boris Wilhelms

May 26, 2021

  1. Who am I?

    • Boris Wilhelms
    • Consultant and Architect at Thinktecture AG
    • Focus on
      • Identity and access management solutions
      • Web-based, cloud-native application architectures
      • .NET Core
    • Email: [email protected]
    • Twitter: @boriswilhelms
  2. Agenda

    • What is Keycloak?
    • Comparison to IdentityServer and Azure Active Directory B2C
    • How to integrate Keycloak
  3. What is Keycloak?

    • Open source identity and access management
    • Based on Java
    • Ready-to-run product
    • Initial (1.0) release in 2014
    • Current version 13.0.1 (May 2021)
    • Sponsored by Red Hat
    • Paid product with support: Red Hat Single Sign-On
  4. Features

    • Single sign-on
    • OpenID Connect, OAuth 2.0, SAML 2.0
    • Identity brokering (OpenID Connect or SAML) and social logins
    • Two-factor authentication / WebAuthn
    • Multiple database support: Oracle, Microsoft SQL Server, MySQL, PostgreSQL
    • LDAP and Active Directory for user storage
    • Authentication and authorization
    • Admin UI & REST API
    • User self-service portal
  5. Overview diagram

    • Categories: Library, Product, Self hosted, SaaS hosted
    • Solutions shown: IdentityServer, Azure AD / B2C, Ory Hydra, Keycloak, OpenIddict, Auth0 (Okta)
  6. Comparison

    | IdentityServer | Keycloak | Azure B2C |
    | --- | --- | --- |
    | Library to implement STS | Ready-to-run IAM product | Ready-to-run SaaS IAM product |
    | OpenID Connect / OAuth | OpenID Connect / OAuth / SAML / UMA | OpenID Connect / OAuth / SAML |
    | Client & token management only | User, client & token management | User, client & token management |
    | No user authentication / authorization | Authentication & authorization | Authentication & authorization |
    | Most flexible / DIY | Extension points are available (Java) | Very limited extension points (webhooks) |
    | Self-hosting | Self-hosting | Microsoft Azure Cloud only |
    | Paid license as of version 5. Free plans available for open source projects & small companies | Free & open source. Paid product with support via Red Hat Single Sign-On | Pay per monthly active user |
  7. How to integrate Keycloak

    • Keycloak provides “adapters” for Java, JavaScript (browser), Node.js
    • Use OpenID Connect / OAuth
    • Use SAML for legacy applications
    • Keycloak issues JWT tokens
    • HTTP calls for authorization using the UMA protocol
  8. How to integrate Keycloak

    ASP.NET Core API:
    • Use JwtBearer authentication middleware
    • Custom claims transformation for roles
    • Authorization: custom code

    ASP.NET Core MVC client application:
    • Use OpenID Connect authentication middleware
    • Custom claims transformation for roles
    • Authorization: custom code
  9. Pros & cons

    Pros
    • Ready-to-run product
    • Full IAM solution
    • Low “time to first token”
    • Good documentation
    • Free, with an optional paid product with support plan available (Red Hat Single Sign-On)
    • Admin UI / user self-service portal

    Cons
    • Ready-to-run product
    • Limited extension points
    • Java stack
    • Not lightweight