Slide 1

Slide 1 text

Keycloak for .NET Developers Boris Wilhelms @boriswilhelms Consultant

Slide 2

Slide 2 text

Who am I?

Boris Wilhelms
• Consultant and Architect at Thinktecture AG
• Focus on
  • Identity & Access Management solutions
  • Web-based, cloud-native application architectures
  • .NET Core
• Email: [email protected]
• Twitter: @boriswilhelms

Slide 3

Slide 3 text

Agenda

• What is Keycloak?
• Comparison to IdentityServer and Azure Active Directory B2C
• How to integrate Keycloak

Slide 4

Slide 4 text

What is Keycloak?

• Open Source Identity and Access Management
• Based on Java
• Ready to run product
• Initial (1.0) release in 2014
• Current version 13.0.1 – May 2021
• Sponsored by Red Hat
• Paid product with support: Red Hat Single Sign-On

Slide 5

Slide 5 text

Features

• Single Sign-On
• OpenID Connect, OAuth 2.0, SAML 2.0
• Identity Brokering (OpenID Connect or SAML) and Social Logins
• Two-factor authentication / WebAuthn
• Multiple database support: Oracle, Microsoft SQL Server, MySQL, PostgreSQL
• LDAP and Active Directory for User Storage
• Authentication and authorization
• Admin UI & REST API
• User Self-Service Portal

Slide 6

Slide 6 text

[Diagram. Axes: Library / Product and Self hosted / SaaS hosted. Solutions shown: IdentityServer, Azure AD / B2C, Ory Hydra, Keycloak, OpenIddict, Auth0 (Okta)]

Slide 7

Slide 7 text

Comparison

| IdentityServer | Keycloak | Azure B2C |
|---|---|---|
| Library to implement STS | Ready to run IAM product | Ready to run SaaS IAM product |
| OpenID Connect / OAuth | OpenID Connect / OAuth / SAML / UMA | OpenID Connect / OAuth / SAML |
| Client & Token management only | User-, Client- & Token management | User-, Client- & Token management |
| No user authentication / authorization | Authentication & Authorization | Authentication & Authorization |
| Most flexible / DIY | Extension points are available (Java) | Very limited extension points (Webhooks) |
| Self-hosting | Self-hosting | Microsoft Azure Cloud only |
| Paid license with version 5. Free plans available for open source projects & small companies | Free & Open Source. Paid product with support via Red Hat Single Sign-On | Pay per monthly active user |

Slide 8

Slide 8 text

How to integrate Keycloak

- Keycloak provides “adapters” for Java, JavaScript (Browser), Node.js
- Use OpenID Connect / OAuth
- Use SAML for legacy applications
- Keycloak issues JWT tokens
- HTTP calls for authorization using UMA protocol

Slide 9

Slide 9 text

How to integrate Keycloak

ASP.NET Core API:
• Use JwtBearer authentication middleware
• Custom claims transformation for roles
• Authorization: Custom code

ASP.NET Core MVC Client Application:
• Use OpenID Connect authentication middleware
• Custom claims transformation for roles
• Authorization: Custom code
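
The API-side setup from this slide, as an added example that is not part of the talk or its demo repository: JwtBearer validation plus a claims transformation that copies Keycloak realm roles into ASP.NET Core role claims. It assumes .NET 6 or later with the Microsoft.AspNetCore.Authentication.JwtBearer package and Keycloak's default "realm_access" claim layout; the authority URL, audience, route and role name are placeholders.

```csharp
// Added example (not from the talk). Assumes Keycloak's default token layout,
// where realm roles sit in the "realm_access" claim as JSON: {"roles":["admin"]}.
using System.Security.Claims;
using System.Text.Json;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Placeholders: your realm's issuer URL and the audience your API expects.
        options.Authority = "https://keycloak.example.test/auth/realms/demo";
        options.Audience = "demo-api";
    });
builder.Services.AddTransient<IClaimsTransformation, KeycloakRolesTransformation>();
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapGet("/admin", [Authorize(Roles = "admin")] () => "admin only");
app.Run();

public sealed class KeycloakRolesTransformation : IClaimsTransformation
{
    public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        if (principal.Identity is not ClaimsIdentity { IsAuthenticated: true } identity)
            return Task.FromResult(principal);
        var realmAccess = identity.FindFirst("realm_access")?.Value;
        if (string.IsNullOrEmpty(realmAccess)) return Task.FromResult(principal);
        try
        {
            using var doc = JsonDocument.Parse(realmAccess);
            if (doc.RootElement.ValueKind == JsonValueKind.Object
                && doc.RootElement.TryGetProperty("roles", out var roles)
                && roles.ValueKind == JsonValueKind.Array)
                foreach (var role in roles.EnumerateArray())
                {
                    var name = role.ValueKind == JsonValueKind.String ? role.GetString() : null;
                    // TransformAsync can run more than once per request: skip duplicates.
                    if (!string.IsNullOrEmpty(name) && !identity.HasClaim(identity.RoleClaimType, name))
                        identity.AddClaim(new Claim(identity.RoleClaimType, name));
                }
        }
        catch (JsonException) { /* malformed claim: add no roles */ }
        return Task.FromResult(principal);
    }
}
```

Client roles sit under the "resource_access" claim, keyed by client ID, and need the same mapping if the API authorizes on them.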

Slide 10

Slide 10 text

Demo

Slide 11

Slide 11 text

Pros & cons

Pros
• Ready to run product
• Full IAM solution
• Low “time to first token”
• Good documentation
• Free, with an optional paid product with support plan available (Red Hat Single Sign-On)
• Admin UI / User self-service portal

Cons
• Ready to run product
• Limited extension points
• Java Stack
• Not lightweight

Slide 12

Slide 12 text

Thank you!

Boris Wilhelms
[email protected]
@boriswilhelms
https://github.com/thinktecture-labs/webinar-keycloak