Book Image

Keycloak - Identity and Access Management for Modern Applications

By : Stian Thorgersen, Pedro Igor Silva
Book Image

Keycloak - Identity and Access Management for Modern Applications

By: Stian Thorgersen, Pedro Igor Silva

Overview of this book

Implementing authentication and authorization for applications can be a daunting experience, often leaving them exposed to security vulnerabilities. Keycloak is an open-source solution for identity management and access management for modern applications, which can make a world of difference if you learn how to use it. Keycloak, helping you get started with using it and securing your applications. Complete with hands-on tutorials, best practices, and self-assessment questions, this easy-to-follow guide will show you how to secure a sample application and then move on to securing different application types. As you progress, you will understand how to configure and manage Keycloak as well as how to leverage some of its more advanced capabilities. Finally, you'll gain insights into securely using Keycloak in production. By the end of this book, you will have learned how to install and manage Keycloak as well as how to secure new and existing applications.
Table of Contents (21 chapters)
Section 1: Getting Started with Keycloak
Section 2: Securing Applications with Keycloak
Section 3: Configuring and Managing Keycloak
Section 4: Security Considerations

Using passwords

In the previous chapters, you were basically using passwords to authenticate users. You were also quickly introduced to how to set up passwords when managing users. In this section, we are going to look closer at how password-based authentication works and how passwords are managed.


We are not going to cover how users authenticate using passwords here because you are already familiar with that, but we will be covering additional details around this form of authentication.

Password-based authentication is probably one of the most popular methods for authenticating users. It is easy to implement and is what most end users are used to when they need to authenticate into a system. However, the simplicity of this credential type has some disadvantages and weaknesses, all of which we will cover later in this section.

To help us overcome some of the disadvantages of password-based authentication, Keycloak relies on common best practices to make sure passwords...