Building secure applications with Keycloak (OIDC/JWT)
Abhishek Koserwal
Red Hat
Agenda
• IAAA security factors
• OAuth2/OpenID
• Why Keycloak?
• OIDC/SAML Keycloak adapters (which one, and why?)
• Understanding JSON Web Tokens (JWT)
• Integrating a frontend (Angular/React) with the Keycloak adapter
• Access token / refresh token
• JWT validation at the backend and securing API endpoints
• Q & A
IAAA Security Factors
• Identification: the set of attributes that describe an entity (person -> attributes [name, email])
• Authentication: the process of verifying an identity (that they are who they say they are)
• Authorization: the process of verifying what someone is allowed to do (permissions)
• Accounting: logs, user actions, traceability of actions
Are we using OAuth2/OpenID?
Delegated auth: can I allow a website to access my data without giving it my password?
• Authentication/identity level
• Authorization/access control level
• The site has to manage security itself
• Store hashed passwords and verify a hash against the database
OAuth2/OpenID?
• OAuth2 != authentication; it covers authorization only
• An access-granting protocol
• Delegated access
• Identity and authentication + OAuth2 = OpenID Connect
• Federation
Why Keycloak?
• Open source Identity and Access Management solution (https://github.com/keycloak/keycloak)
• Browsers, mobiles and clouds
• Many accounts
• Admin headache
Features
• SSO
• Admin console
• Login forms
• Account management
• Multi-factor auth
• Social login
• ...
Setup: Keycloak
  docker pull jboss/keycloak
  docker run -d -e KEYCLOAK_USER=<USERNAME> -e KEYCLOAK_PASSWORD=<PASSWORD> -p 8081:8080 jboss/keycloak
Requires a running Docker daemon. The two environment variables create the initial admin account, so replace the placeholders with real values before running.
Standalone server distribution: https://www.keycloak.org/downloads.html
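As an added example (not part of the slides), a small Python check to run once the container is up: it fetches the realm's OIDC discovery document and verifies that the issuer and endpoints are the ones the application will be configured against. It assumes the jboss/keycloak image serves Keycloak under the /auth context path, the slide's 8081:8080 port mapping, and the built-in master realm; the sample document at the bottom is constructed so the checks also run offline.

```python
import json
import urllib.request
from urllib.parse import urlsplit

# Assumptions (not from the slides): the jboss/keycloak image serves under the
# /auth context path, the slide's 8081:8080 port mapping is used, and the
# built-in "master" realm is the one being checked.
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

def issuer_url(base_url, realm):
    # Keycloak's issuer for a realm; the discovery document lives under it
    return f"{base_url.rstrip('/')}/realms/{realm}"

def discovery_url(base_url, realm):
    return issuer_url(base_url, realm) + "/.well-known/openid-configuration"

def check_discovery(expected_issuer, doc):
    """Return a list of problems with an OIDC discovery document (empty = OK).

    The issuer check matters: a client that trusts whatever issuer the document
    names will also trust tokens minted by a different realm or server.
    """
    problems = [f"missing {f}" for f in REQUIRED if f not in doc]
    if doc.get("issuer") != expected_issuer:
        problems.append(f"issuer mismatch: {doc.get('issuer')!r}")
    # Endpoints must sit on the issuer's origin; anything else would send the
    # browser (or the backend's JWKS fetch) to a foreign host.
    origin = urlsplit(expected_issuer)
    for f in REQUIRED[1:]:
        ep = urlsplit(doc.get(f, ""))
        if (ep.scheme, ep.netloc) != (origin.scheme, origin.netloc):
            problems.append(f"{f} not on issuer origin: {doc.get(f)!r}")
    return problems

def fetch_and_check(base_url, realm, timeout=5.0):
    """Fetch the live discovery document from the running container and check it."""
    with urllib.request.urlopen(discovery_url(base_url, realm), timeout=timeout) as r:
        return check_discovery(issuer_url(base_url, realm), json.load(r))

# Constructed sample modelled on what the master realm returns, so the checks
# can run offline without a container.
ISSUER = "http://localhost:8081/auth/realms/master"
SAMPLE_DOC = {
    "issuer": ISSUER,
    "authorization_endpoint": ISSUER + "/protocol/openid-connect/auth",
    "token_endpoint": ISSUER + "/protocol/openid-connect/token",
    "jwks_uri": ISSUER + "/protocol/openid-connect/certs",
}
```

Against the container started above, `fetch_and_check("http://localhost:8081/auth", "master")` returns an empty list when the realm is reachable and consistent.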
Editor's Notes

  • #6: https://tools.ietf.org/html/rfc6749 https://openid.net/connect/
  • #8: https://www.keycloak.org/downloads.html