How to Secure Your Applications With a Keycloak?

1
Confidential
Keycloak as Big Brother or How to Secure Your Applications?
Ihor Didyk
Software Engineer at GlobalLogic
Aug, 2022
2
Agenda
1. Security Concepts
2. Keycloak Overview
3. Application Demo
3
Disclaimer
Everything described here is true and complete to the best of the author's knowledge. All recommendations and inferences are made without guarantee on the part of the author. The author disclaims any liability in connection with the use of this information.
4
Security Concepts
5
IAAA Security Principle
Identification: email, username, ID number
Authentication: password, token, signature
Authorization: access permissions
Accountability: logs, user actions, traceability of actions
6
Implementation of Custom Security Layer
1. Authentication for Backend
● Manage login/registration forms
● Manage user profiles
● Store users, passwords
● Check credentials
● API for token management
2. Authentication for UI
3. Project Integration
● Integrate this into the project
4. Put together
● Combine UI and backend together with authentication flows
7
Simple Projects Structure
Project 1: UI, black box, DB
Project 2: UI, black box, DB
8
Reasons to Delegate Your Security
● Stay DRY (Don't Repeat Yourself)
● So you need some ways to protect your data
● You are probably not a security expert
9
Keycloak
10
Keycloak Overview
Open-source identity and access management. Features:
● Single sign in: sign in once to multiple applications
● LDAP and Active Directory: connect to existing user directories
● Clustering: optimize scalability and availability
● Standard protocols: OpenID Connect, OAuth 2.0, and SAML 2.0
● Social login: easily enable social sign in
● Themes: customize look and feel
● Centralized management: available both for admins and users
● Identity brokering: OpenID Connect or SAML 2.0 IdPs
● Extensible: customize through code
● Adapters: secure applications and services
● High performance: easy, fast, and scalable
● Password policies: customize password policies
11
Core Concepts
● Realm: Master
● Users
● Roles
● Groups
● Clients
● Events
● Security Defenses
● UI (Themes)
● User Federation
● Identity Provider: OpenID Connect, SAML (GitHub, Twitter, Google, Facebook, etc.)
12
Reasons to Use Keycloak
Reliable Solution
● Stable release: 19.0.1 (July 29, 2022)
● Issues board (https://github.com/keycloak/keycloak/issues)
● Documentation (https://www.keycloak.org/documentation.html)
Open Source
● Free product
● Various customizations and contributions
● Open community
Straightforward
● Not reinventing the wheel
● Shared libraries, keys, certificates, and configurations
13
Launch Keycloak
Launch with JBoss WildFly
1. Download Keycloak from https://www.keycloak.org/downloads.html
2. Use the following command:
   keycloak-x.x.x.Final/bin> ./standalone.sh
Launch with Docker
Use the following commands:
1. docker pull jboss/keycloak
2. docker run --rm -d --name keycloak -p 5555:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin jboss/keycloak
14
Prepare to integrate with Keycloak
Keycloak: realm external-apps, client ID hello-world-app
Protocol between application and Keycloak: OpenID Connect/SAML
Application side: Keycloak Adapter, Resource Endpoint
● Mobile App: SDK for Android, iOS
● Frontend App: client side, JS
● Backend App: server side, Java, Python, Node.js, Ruby, C#, etc.
15
Integrate with Keycloak
1. Create a realm
● You can use master for a dev environment or base it on your business domain (for example, external-apps or internal-apps).
2. Create a client
● Create a client for your application (for example, hello-world-app). Client configuration requires the following details:
  ○ Protocol: SAML or OIDC.
  ○ Resource endpoint: the application hostname or REST endpoint.
  ○ Redirect URL: where to redirect the user when authentication is granted.
3. Provide a client configuration
● Provide the client configuration to your application as input, for example:
  ○ The client ID (hello-world-app).
  ○ The realm (external-apps).
  ○ The Keycloak server URL.
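The three inputs under step 3 (client ID, realm, Keycloak server URL) are all an OIDC client needs to derive its realm endpoints. The following Python is an added example, not code from the slides or from the Keycloak project; it assumes the local Docker instance from the Launch Keycloak slide (port 5555, with the legacy jboss/keycloak image's /auth context path) and a hypothetical registered redirect URL for hello-world-app, and it applies the exact-match redirect URL check that the client's registered Redirect URL implies.

```python
# Added example (not from the slides): derives the OpenID Connect URLs an
# application needs from the client ID, realm and Keycloak server URL, and
# only builds a login URL for a redirect URL registered on the client.
from dataclasses import dataclass
from urllib.parse import urlencode, urlparse


@dataclass(frozen=True)
class KeycloakClientConfig:
    server_url: str  # legacy jboss/keycloak image serves under /auth (assumed)
    realm: str  # e.g. "external-apps"
    client_id: str  # e.g. "hello-world-app"
    redirect_uris: tuple  # exact redirect URLs registered on the client

    def realm_url(self) -> str:
        return f"{self.server_url.rstrip('/')}/realms/{self.realm}"

    def discovery_url(self) -> str:
        # OIDC discovery document listing the realm's auth/token/jwks endpoints
        return f"{self.realm_url()}/.well-known/openid-configuration"

    def authorization_url(self, redirect_uri: str, state: str) -> str:
        # Only an exactly registered redirect URL may receive the authorization
        # code; prefix or wildcard matching would hand the code to other hosts.
        if redirect_uri not in self.redirect_uris:
            raise ValueError(f"redirect_uri not registered for {self.client_id}: {redirect_uri}")
        parsed = urlparse(self.server_url)
        if parsed.scheme != "https" and parsed.hostname not in ("localhost", "127.0.0.1"):
            raise ValueError("Keycloak server URL must use https outside local development")
        query = urlencode({
            "client_id": self.client_id,
            "response_type": "code",  # authorization code flow
            "redirect_uri": redirect_uri,
            "scope": "openid",
            "state": state,  # bound to the user's session and checked on return
        })
        return f"{self.realm_url()}/protocol/openid-connect/auth?{query}"


# Constructed config matching the slides' realm, client and Docker port mapping.
HELLO_WORLD = KeycloakClientConfig(
    server_url="http://localhost:5555/auth",
    realm="external-apps",
    client_id="hello-world-app",
    redirect_uris=("http://localhost:3000/callback",),  # hypothetical callback
)
```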
16
Application Demo
17
Thank you!