Book Image

Keycloak - Identity and Access Management for Modern Applications

By : Stian Thorgersen, Pedro Igor Silva
Book Image

Keycloak - Identity and Access Management for Modern Applications

By: Stian Thorgersen, Pedro Igor Silva

Overview of this book

Implementing authentication and authorization for applications can be a daunting experience, often leaving them exposed to security vulnerabilities. Keycloak is an open-source solution for identity management and access management for modern applications, which can make a world of difference if you learn how to use it. Keycloak, helping you get started with using it and securing your applications. Complete with hands-on tutorials, best practices, and self-assessment questions, this easy-to-follow guide will show you how to secure a sample application and then move on to securing different application types. As you progress, you will understand how to configure and manage Keycloak as well as how to leverage some of its more advanced capabilities. Finally, you'll gain insights into securely using Keycloak in production. By the end of this book, you will have learned how to install and manage Keycloak as well as how to secure new and existing applications.
Table of Contents (21 chapters)
Section 1: Getting Started with Keycloak
Section 2: Securing Applications with Keycloak
Section 3: Configuring and Managing Keycloak
Section 4: Security Considerations

Using strong authentication

Strong authentication is a term that's widely used nowadays. What it means depends on the context where it is used. In general, strong authentication is about employing either two-factor or multiple-factor authentication to authenticate users.

As you learned in the previous sections, Keycloak provides the necessary capabilities to enable either 2FA or MFA for a realm. If your requirements for strong authentication only require the use of 2FA, you are good to go with either OTP or a security device when you're using WebAuthn.

However, MFA is probably the strongest form of authentication you can get, where biometric authorization is a key aspect of securely identifying and authenticating the user. In this case, you should consider using WebAuthn and setting up security devices to verify the identity of the user – using fingerprint scanning, for instance – to make sure the user using the device is indeed the user trying to authenticate...