Slide 1

Slide 1 text

Keycloak: the Open Source Identity and Access Management for Modern Applications
OpenShift Commons @ KubeCon EU Amsterdam | 2023-04-18
Alexander Schwartz | Principal Software Engineer | Red Hat

Slide 2

Slide 2 text

Keycloak is an Open Source Identity and Access Management Solution
● Authenticate and authorize users for applications
● Configure interactively or fully automated
● Bridge to existing security infrastructures
● Extend and customize as needed
● Run and scale in cloud and non-cloud environments

Slide 3

Slide 3 text

Let Keycloak handle AuthZ and AuthN for your apps
[Diagram labels: Login, Request, Verify token, Token, API, Cloud Services]

Slide 4

Slide 4 text

A typical Keycloak login page…

Slide 5

Slide 5 text

Optional: Use existing user directories via federation
[Diagram labels: LDAP, Active Directory, User Store, User Federation]

Slide 6

Slide 6 text

… it can do a lot more …

Slide 7

Slide 7 text

… and use other providers …

Slide 8

Slide 8 text

… or skip the form with Kerberos/SPNEGO!
This page intentionally left blank.

Slide 9

Slide 9 text

Powerful required actions in the login flow
● Configure One Time Passwords
● WebAuthn Register
● Terms and Conditions
● Update Password
● Update Profile
● Verify Email
● …
… or build your own! …

Slide 10

Slide 10 text

Enable Admins
Manage Keycloak via web UI, REST and CLI

Slide 11

Slide 11 text

Enable Users
Manage account details, password and second factor.

Slide 12

Slide 12 text

Enable continuous everything
● Export/import of realms
● REST API and CLI
● Configuration files and CRDs

    apiVersion: k8s.keycloak.org/v2alpha1
    kind: Keycloak
    metadata:
      labels:
        app: keycloak
      name: keycloak
      namespace: ...
    spec:
      hostname:
        hostname: keycloak...
      additionalOptions:
        - name: db
          value: postgres
        - name: db-url
          value: jdbc:postgresql://…
        - name: db-pool-min-size
          value: ...
        - name: db-pool-max-size

Slide 13

Slide 13 text

Customize to your needs
From the Server developer guide:
● Customize the theme
● Configure login flows
● Add new required actions
● Create event listener
● Supply mappers for federations
● Connect any custom user storage

Slide 14

Slide 14 text

Run in cloud and non-cloud environments
● Extract archive and run
● Use pre-built containers
● Customize the Keycloak container with your providers
● Use the Keycloak Operator

Slide 15

Slide 15 text

Keycloak is an Open Source Identity and Access Management Solution
● Authenticate and authorize users for applications
● Configure interactively or fully automated
● Bridge to existing security infrastructures
● Extend and customize as needed
● Run and scale in cloud and non-cloud environments

Slide 16

Slide 16 text

Links
● Keycloak: https://www.keycloak.org
● Getting started on bare metal: https://www.keycloak.org/getting-started/getting-started-zip
● Getting started on OpenShift: https://www.keycloak.org/getting-started/getting-started-openshift
● Keycloak Operator Guides: https://www.keycloak.org/guides#operator
● Server Developer Guide: https://www.keycloak.org/docs/latest/server_development