Book Image

Keycloak - Identity and Access Management for Modern Applications

By : Stian Thorgersen, Pedro Igor Silva
Book Image

Keycloak - Identity and Access Management for Modern Applications

By: Stian Thorgersen, Pedro Igor Silva

Overview of this book

Implementing authentication and authorization for applications can be a daunting experience, often leaving them exposed to security vulnerabilities. Keycloak is an open-source solution for identity management and access management for modern applications, which can make a world of difference if you learn how to use it. Keycloak, helping you get started with using it and securing your applications. Complete with hands-on tutorials, best practices, and self-assessment questions, this easy-to-follow guide will show you how to secure a sample application and then move on to securing different application types. As you progress, you will understand how to configure and manage Keycloak as well as how to leverage some of its more advanced capabilities. Finally, you'll gain insights into securely using Keycloak in production. By the end of this book, you will have learned how to install and manage Keycloak as well as how to secure new and existing applications.
Table of Contents (21 chapters)
Section 1: Getting Started with Keycloak
Section 2: Securing Applications with Keycloak
Section 3: Configuring and Managing Keycloak
Section 4: Security Considerations

Customizing authentication flows

As you learned from Chapter 11, Authenticating Users, Keycloak allows you to easily customize user authentication by changing authentication flows through the administration console. Eventually, the built-in authentication executions might not be enough to address your authentication requirements, and, in this case, you can leverage the Authentication SPI to implement your own authentication executions.

We are not going to cover in this section all the details pertaining to the Authentication SPI, but give you a code example to help you understand the steps and the mechanics when you are creating your own authenticators. The code example for this topic is available from the GitHub repository at ch13/simple-risk-based-authenticator.

The example here is about a quite simple authenticator that relies on a risk score to determine whether the user should provide a second factor when authenticating. The risk score is calculated based only on the number...