AuthN & AuthZ with distributed systems

- Understanding AuthN & AuthZ
- Understanding the Keycloak solution
- Demo of AuthN & AuthZ with Keycloak, GitLab, Kong and backend apps

thanhgit

April 29, 2022

Transcript

  1. AuthN & AuthZ with distributed systems
    By Thanh Nguyen

  2. What are authentication & authorization?

  3. Why do you need to authenticate and authorize?
    - About the user:
      - Protect your (sensitive) data with user identity (authentication)
      - Ensure that your business operates in a secure way
    - About the system:
      - Tenants' data in the application do not affect each other
      - Each user type has different behaviour according to its roles
      - Service-to-service and user-to-service interaction in a secure way
    ...

  4. Available solutions
    - Self-built, as a service or as part of the software
      - Pros: full control
      - Cons: time-consuming
    - Using a 3rd party such as Facebook, Google+, …
      - Pros: quick development
      - Cons: dependent on an external organization
    - Buy an enterprise solution: Cisco, IBM, Oracle, …
      - Pros: full support, utility
      - Cons: high cost
    - Self-host an open-source authorization server: Keycloak, ory/hydra, …
      - Pros: customizable
      - Cons: complex to develop and operate

  5. Technical requirements
    - Single sign-on (SSO) for services such as Google, GitLab, Sentry, …
    - Basic authentication
    - Authorization for web and other applications

  6. Appropriate solution
    - Keycloak as the IAM service
    - Keycloak supports integration with the Kong API gateway, apps, …
    - Keycloak supports Single Sign-On with Google for GitLab, Sentry, Mattermost, …

  7. Multi-factor authentication

  8. Centralized user management

  9. Single Sign-On

  10. Use case: Keycloak + Kong API gateway

  11. (image-only slide)

  12. Demo
    - Demo authN with Single Sign-On
      - Sequence diagram
      - Login to GitLab with basic authentication (username / password)
      - Login to GitLab with a 3rd party (Google)
    - Demo authZ
      - Sequence diagram
      - Designing roles
      - Assign user to role
      - Call API with Postman

  13. Demo authN with SSO

  14. Login to GitLab

  15. Redirect to Keycloak login

  16. Authenticate with username / password

  17. Return the Kong user's dashboard

  18. Authenticate with Google

  19. (image-only slide)

  20. (image-only slide)

  21. (image-only slide)

  22. Demo authZ

  23. Designing roles for the demo project in Keycloak

  24. Assign user1 to the admin role in Keycloak

  25. Assign user2 to the user role in Keycloak

  26. Get an access token with the admin role

  27. Call the API with the admin-role access token

  28. Get an access token with the user role

  29. Call the API with the user-role access token
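    As an added example (not part of the deck), the backend-side check behind slides 27 and 29: the API accepts the admin-role token and rejects the user-role token. It assumes the token's RS256 signature has already been verified against the realm's JWKS, so it only inspects the decoded claims; the realm URL, client id and sample tokens are constructed for illustration.

```python
import base64
import json
import time

# Constructed values for the demo realm; a real backend reads these from config.
ISSUER = "https://keycloak.example.com/realms/demo"  # assumed realm URL
CLIENT_ID = "backend-app"                             # assumed client id

def decode_claims(token):
    """Return the JWT payload; signature verification (RS256 via the realm
    JWKS) is assumed to have been done before this is called."""
    payload_b64 = token.split(".")[1]
    payload_b64 += "=" * (-len(payload_b64) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload_b64))

def token_roles(claims):
    """Collect realm roles plus this client's roles from a Keycloak token."""
    roles = set(claims.get("realm_access", {}).get("roles", []))
    client = claims.get("resource_access", {}).get(CLIENT_ID, {})
    roles.update(client.get("roles", []))
    return roles

def authorize(claims, required_role, now=None):
    """Return (allowed, reason): issuer, client, expiry, then role check."""
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER:
        return False, "wrong issuer"
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    if CLIENT_ID not in aud and claims.get("azp") != CLIENT_ID:
        return False, "token not issued for this client"
    if claims.get("exp", 0) <= now:
        return False, "token expired"
    if required_role not in token_roles(claims):
        return False, f"missing role {required_role}"
    return True, "ok"

def make_token(claims):
    """Build an unsigned demo token (header.payload.) for the samples below."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return enc({"alg": "RS256", "typ": "JWT"}) + "." + enc(claims) + "."

NOW = 1_651_190_400  # constructed "current time" (2022-04-29 00:00 UTC)
ADMIN_TOKEN = make_token({"iss": ISSUER, "azp": CLIENT_ID, "exp": NOW + 300,
    "preferred_username": "user1", "realm_access": {"roles": ["admin", "user"]}})
USER_TOKEN = make_token({"iss": ISSUER, "azp": CLIENT_ID, "exp": NOW + 300,
    "preferred_username": "user2", "realm_access": {"roles": ["user"]}})

if __name__ == "__main__":
    print(authorize(decode_claims(ADMIN_TOKEN), "admin", NOW), authorize(decode_claims(USER_TOKEN), "admin", NOW))
```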

  30. Bonus: OAuth 2.0 patterns
    - Authorization code grant flow
    - Implicit grant flow
    - Resource owner password credentials grant flow
    - Client credentials grant flow

  31. Authorization code grant flow

  32. Implicit grant flow

  33. Resource owner password credentials grant flow

  34. Client credentials grant flow

  35. References
    https://www.keycloak.org/getting-started/getting-started-docker
    https://www.jerney.io/secure-apis-kong-keycloak-1/
    https://github.com/d4rkstar/kong-konga-keycloak

  36. THANKS FOR LISTENING
