Book Image

Keycloak - Identity and Access Management for Modern Applications

By : Stian Thorgersen, Pedro Igor Silva
Book Image

Keycloak - Identity and Access Management for Modern Applications

By: Stian Thorgersen, Pedro Igor Silva

Overview of this book

Implementing authentication and authorization for applications can be a daunting experience, often leaving them exposed to security vulnerabilities. Keycloak is an open-source solution for identity management and access management for modern applications, which can make a world of difference if you learn how to use it. Keycloak, helping you get started with using it and securing your applications. Complete with hands-on tutorials, best practices, and self-assessment questions, this easy-to-follow guide will show you how to secure a sample application and then move on to securing different application types. As you progress, you will understand how to configure and manage Keycloak as well as how to leverage some of its more advanced capabilities. Finally, you'll gain insights into securely using Keycloak in production. By the end of this book, you will have learned how to install and manage Keycloak as well as how to secure new and existing applications.
Table of Contents (21 chapters)
Section 1: Getting Started with Keycloak
Section 2: Securing Applications with Keycloak
Section 3: Configuring and Managing Keycloak
Section 4: Security Considerations

Understanding authentication flows

In Keycloak, authentication is driven by a set of sequential steps or executions that are grouped together to define how the identity should be verified, depending on the authentication flow. Depending on the flow, the authentication requirements, as well as the steps to verify the identity of the actor trying to authenticate into a realm, changes.

Keycloak has a set of well-defined flows representing how end users and clients – the actors – can authenticate into a realm. For end users, the authentication flow usually involves using the browser as an intermediary. The steps for the clients are based on backchannel requests to the token endpoint.

Keycloak is very flexible in terms of how you can define these flows. By default, realms are created with built-in definitions that cover the most common requirements to authenticate end users and clients, which you can change or extend any time to address your own authentication requirements...