Keycloak for .NET Developers Boris Wilhelms @boriswilhelms Consultant 

Boris Wilhelms • Consultant and Architect at Thinktecture AG • Focus on • Identity- & Access-Management solutions • Web-based, cloud nativ application architectures • .NET Core • Email: [email protected] • Twitter: @boriswilhelms Keycloak for .NET Developers Who am I? 

• What is Keycloak? • Comparison to IdentityServer and Azure Active Directory B2C • How to integrate Keycloak Keycloak for .NET Developers Agenda 

• Open Source Identity and Access Management • Based on Java • Ready to run product • Initial (1.0) release in 2014 • Current Version 13.0.1 – Mai 2021 • Sponsored by RedHat • Paid product with Support RedHat Single-Sign on Keycloak for .NET Developers What is Keycloak? 

• Single-Sign On • OpenID Connect, OAuth 2.0, SAML 2.0 • Identity Brokering (OpenID Connect or SAML) and Social Logins • Two-Factor authentication / WebAuthN • Multiple database support. Oracle, Microsoft SQL Server, MySQL PostgreSQL • LDAP and Active Directory for User Storage • Authentication and authorization • Admin UI & - REST API • User Self-Service Portal Keycloak for .NET Developers Features 

Keycloak for .NET Developers Library Product Self hosted SaaS hosted IdentityServer Azure AD / B2C Ory Hydra Keycloak OpenIddict Auth0 (Okta) 

Keycloak for .NET Developers Comparison IdentityServer Keycloak Azure B2C Library to implement STS Ready to run IAM product Ready to run SaaS IAM product OpenId Connect / OAuth OpenId Connect / OAuth / SAML / UMA OpenId Connect / OAuth / SAML Client & Token management only User-, Client- & Token management User-, Client- & Token management No user authentication / authorization Authentication & Authorization Authentication & Authorization Most flexible / DIY Extension points are available (Java) Very limited extension points (Webhooks) Self-hosting Self-hosting Microsoft Azure Cloud only With version 5 paid license. Free plans available for Open Source projects & small companies Free & Open Source Paid Product with support via RedHat Single-Sign on Pay per monthly active user 

- Keycloak provides “adapters” for Java, JavaScript (Browser), Node.js - Use OpenId Connect / OAuth - Use SAML for legacy applications - Keycloak issues Jwt tokens - HTTP calls for authorization using UMA protocol Keycloak for .NET Developers How to integrate Keycloak 

ASP.NET Core API: • Use JwtBearer authentication middleware • Custom claims transformation for roles • Authorization: Custom code ASP.NET Core MVC Client Application: • Use OpenId Connect authentication middleware • Custom claims transformation for roles • Authorization: Custom code Keycloak for .NET Developers How to integrate Keycloak 

Demo Keycloak for .NET Developers 

Pros • Ready to run product • Full IAM solution • Low “time to first token” • Good documentation • Free with optional paid product with support plan available (with Red Har Single Sign-On) • Admin UI / User self service portal Cons • Ready to run product • Limited extension points • Java Stack • Not lightweight Keycloak for .NET Developers Pros & cons 

Keycloak for .NET Developers Boris Wilhelms [email protected] @boriswilhelms Thank you! https://github.com/thinktecture-labs/webinar-keycloak