Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Keycloak - Identity and Access Management for Modern Applications
  • Table Of Contents Toc
Keycloak - Identity and Access Management for Modern Applications

Keycloak - Identity and Access Management for Modern Applications

By : Stian Thorgersen, Pedro Igor Silva
4.5 (15)
Buy this Book
close
close
Keycloak - Identity and Access Management for Modern Applications

Keycloak - Identity and Access Management for Modern Applications

4.5 (15)
By: Stian Thorgersen, Pedro Igor Silva
Buy this Book

Overview of this book

Implementing authentication and authorization for applications can be a daunting experience, often leaving them exposed to security vulnerabilities. Keycloak is an open-source solution for identity management and access management for modern applications, which can make a world of difference if you learn how to use it. Keycloak, helping you get started with using it and securing your applications. Complete with hands-on tutorials, best practices, and self-assessment questions, this easy-to-follow guide will show you how to secure a sample application and then move on to securing different application types. As you progress, you will understand how to configure and manage Keycloak as well as how to leverage some of its more advanced capabilities. Finally, you'll gain insights into securely using Keycloak in production. By the end of this book, you will have learned how to install and manage Keycloak as well as how to secure new and existing applications.
Table of Contents (21 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Download the example code files
Icon
Code in Action
Icon
Download the color images
Icon
Conventions used
Icon
Get in touch
Icon
Reviews
1
Section 1: Getting Started with Keycloak
Icon
Section 1: Getting Started with Keycloak
Lock Free Chapter
2
Chapter 1: Getting Started with Keycloak
Icon
Chapter 1: Getting Started with Keycloak
Icon
Technical requirements
Icon
Introducing Keycloak
Icon
Installing and running Keycloak
Icon
Discovering the Keycloak admin and account consoles
Icon
Summary
Icon
Questions
3
Chapter 2: Securing Your First Application
Icon
Chapter 2: Securing Your First Application
Icon
Technical requirements
Icon
Understanding the sample application
Icon
Running the application
Icon
Understanding how to log in to the application
Icon
Securely invoking the backend REST API
Icon
Summary
Icon
Questions
4
Section 2: Securing Applications with Keycloak
Icon
Section 2: Securing Applications with Keycloak
5
Chapter 3: Brief Introduction to Standards
Icon
Chapter 3: Brief Introduction to Standards
Icon
Authorizing application access with OAuth 2.0
Icon
Authenticating users with OpenID Connect
Icon
Leveraging JWT for tokens
Icon
Understanding why SAML 2.0 is still relevant
Icon
Summary
Icon
Questions
6
Chapter 4: Authenticating Users with OpenID Connect
chevron up
Icon
Chapter 4: Authenticating Users with OpenID Connect
Icon
Technical requirements
Icon
Running the OpenID Connect playground
Icon
Understanding the Discovery endpoint
Icon
Authenticating a user
Icon
Understanding the ID token
Icon
Invoking the UserInfo endpoint
Icon
Dealing with users logging out
Icon
Summary
Icon
Questions
Icon
Further reading
7
Chapter 5: Authorizing Access with OAuth 2.0
Icon
Chapter 5: Authorizing Access with OAuth 2.0
Icon
Technical requirements
Icon
Running the OAuth 2.0 playground
Icon
Obtaining an access token
Icon
Requiring user consent
Icon
Limiting the access granted to access tokens
Icon
Validating access tokens
Icon
Summary
Icon
Questions
Icon
Further reading
8
Chapter 6: Securing Different Application Types
Icon
Chapter 6: Securing Different Application Types
Icon
Technical requirements
Icon
Understanding internal and external applications
Icon
Securing web applications
Icon
Securing native and mobile applications
Icon
Securing REST APIs and services
Icon
Summary
Icon
Questions
Icon
Further reading
9
Chapter 7: Integrating Applications with Keycloak
Icon
Chapter 7: Integrating Applications with Keycloak
Icon
Technical requirements
Icon
Choosing an integration architecture
Icon
Choosing an integration option
Icon
Integrating with Golang applications
Icon
Integrating with Java applications
Icon
Integrating with JavaScript applications
Icon
Integrating with Node.js applications
Icon
Integrating with Python applications
Icon
Using a reverse proxy
Icon
Try not to implement your own integration
Icon
Summary
Icon
Questions
Icon
Further reading
10
Chapter 8: Authorization Strategies
Icon
Chapter 8: Authorization Strategies
Icon
Understanding authorization
Icon
Using RBAC
Icon
Using GBAC
Icon
Using OAuth2 scopes
Icon
Using ABAC
Icon
Using Keycloak as a centralized authorization server
Icon
Summary
Icon
Questions
Icon
Further reading
11
Section 3: Configuring and Managing Keycloak
Icon
Section 3: Configuring and Managing Keycloak
12
Chapter 9: Configuring Keycloak for Production
Icon
Chapter 9: Configuring Keycloak for Production
Icon
Technical requirements
Icon
Setting the hostname for Keycloak
Icon
Enabling TLS
Icon
Configuring a database
Icon
Enabling clustering
Icon
Configuring a reverse proxy
Icon
Testing your environment
Icon
Summary
Icon
Questions
Icon
Further reading
13
Chapter 10: Managing Users
Icon
Chapter 10: Managing Users
Icon
Technical requirements
Icon
Managing local users
Icon
Integrating with LDAP and Active Directory
Icon
Integrating with third-party identity providers
Icon
Integrating with social identity providers
Icon
Allowing users to manage their data
Icon
Summary
Icon
Questions
Icon
Further reading
14
Chapter 11: Authenticating Users
Icon
Chapter 11: Authenticating Users
Icon
Technical requirements
Icon
Understanding authentication flows
Icon
Using passwords
Icon
Using OTPs
Icon
Using Web Authentication (WebAuthn)
Icon
Using strong authentication
Icon
Summary
Icon
Questions
Icon
Further reading
15
Chapter 12: Managing Tokens and Sessions
Icon
Chapter 12: Managing Tokens and Sessions
Icon
Technical requirements
Icon
Managing sessions
Icon
Managing tokens
Icon
Summary
Icon
Questions
Icon
Further reading
16
Chapter 13: Extending Keycloak
Icon
Chapter 13: Extending Keycloak
Icon
Technical requirements
Icon
Understanding Service Provider Interfaces
Icon
Changing the look and feel
Icon
Customizing authentication flows
Icon
Looking at other customization points
Icon
Summary
Icon
Questions
Icon
Further reading
17
Section 4: Security Considerations
Icon
Section 4: Security Considerations
18
Chapter 14: Securing Keycloak and Applications
Icon
Chapter 14: Securing Keycloak and Applications
Icon
Securing Keycloak
Icon
Securing the database
Icon
Securing cluster communication
Icon
Securing user accounts
Icon
Securing applications
Icon
Summary
Icon
Questions
Icon
Further reading
19
Assessments
Icon
Chapter 1
Icon
Chapter 2
Icon
Chapter 3
Icon
Chapter 4
Icon
Chapter 5
Icon
Chapter 6
Icon
Chapter 7
Icon
Chapter 8
Icon
Chapter 9
Icon
Chapter 10
Icon
Chapter 11
Icon
Chapter 12
Icon
Chapter 13
Icon
Chapter 14
Icon
Why subscribe?
20
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Leave a review - let other readers know what you think

Authenticating a user

The most common way to authenticate a user with Keycloak is through the OpenID Connect authorization code flow.

In summary, to authenticate a user with this flow, an application redirects to Keycloak, which displays a login page to authenticate the user. After the user has authenticated, the application receives an ID token, which contains information about the user.

In the following diagram, the authorization code flow is shown in more detail:

Figure 4.3 – The authorization code flow

The steps from the diagram are explained in more detail as follows:

  1. The user clicks on a login button in the application.
  2. The application generates an authentication request.
  3. The authentication request is sent to the user in form of a 302 redirect, instructing the user-agent to redirect to the authorization endpoint provided by Keycloak.
  4. The user-agent opens the authorization endpoint with the query parameters specified by...
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Keycloak - Identity and Access Management for Modern Applications
End of Section 6
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options
font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon