Book Image

Keycloak - Identity and Access Management for Modern Applications

By : Stian Thorgersen, Pedro Igor Silva
Book Image

Keycloak - Identity and Access Management for Modern Applications

By: Stian Thorgersen, Pedro Igor Silva

Overview of this book

Implementing authentication and authorization for applications can be a daunting experience, often leaving them exposed to security vulnerabilities. Keycloak is an open-source solution for identity management and access management for modern applications, which can make a world of difference if you learn how to use it. Keycloak, helping you get started with using it and securing your applications. Complete with hands-on tutorials, best practices, and self-assessment questions, this easy-to-follow guide will show you how to secure a sample application and then move on to securing different application types. As you progress, you will understand how to configure and manage Keycloak as well as how to leverage some of its more advanced capabilities. Finally, you'll gain insights into securely using Keycloak in production. By the end of this book, you will have learned how to install and manage Keycloak as well as how to secure new and existing applications.

Related Content you might be interested in

Current Title:

Small book image
Keycloak - Identity and Access Management for Modern Applications
Stian Thorgersen | Pedro Igor Silva
Jun, 2021 | 362 pages
Small book image
Cloud Identity Patterns and Strategies
Giuseppe Di Federico | Fabrizio Barcaroli
Dec, 2022 | 258 pages
Small book image
Azure Active Directory for Secure Application Development
Sjoukje Zaal
May, 2022 | 268 pages
Small book image
OAuth 2.0 Cookbook
Adolfo Eloy Nascimento
Oct, 2017 | 420 pages
Table of Contents (21 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Code in Action
Download the color images
Conventions used
Get in touch
Reviews
1
Section 1: Getting Started with Keycloak
Section 1: Getting Started with Keycloak
Free Chapter
2
Chapter 1: Getting Started with Keycloak
Chapter 1: Getting Started with Keycloak
Technical requirements
Introducing Keycloak
Installing and running Keycloak
Discovering the Keycloak admin and account consoles
Summary
Questions
3
Chapter 2: Securing Your First Application
Chapter 2: Securing Your First Application
Technical requirements
Understanding the sample application
Running the application
Understanding how to log in to the application
Securely invoking the backend REST API
Summary
Questions
4
Section 2: Securing Applications with Keycloak
Section 2: Securing Applications with Keycloak
5
Chapter 3: Brief Introduction to Standards
Chapter 3: Brief Introduction to Standards
Authorizing application access with OAuth 2.0
Authenticating users with OpenID Connect
Leveraging JWT for tokens
Understanding why SAML 2.0 is still relevant
Summary
Questions
6
Chapter 4: Authenticating Users with OpenID Connect
Chapter 4: Authenticating Users with OpenID Connect
Technical requirements
Running the OpenID Connect playground
Understanding the Discovery endpoint
Authenticating a user
Understanding the ID token
Invoking the UserInfo endpoint
Dealing with users logging out
Summary
Questions
Further reading
7
Chapter 5: Authorizing Access with OAuth 2.0
Chapter 5: Authorizing Access with OAuth 2.0
Technical requirements
Running the OAuth 2.0 playground
Obtaining an access token
Requiring user consent
Limiting the access granted to access tokens
Validating access tokens
Summary
Questions
Further reading
8
Chapter 6: Securing Different Application Types
Chapter 6: Securing Different Application Types
Technical requirements
Understanding internal and external applications
Securing web applications
Securing native and mobile applications
Securing REST APIs and services
Summary
Questions
Further reading
9
Chapter 7: Integrating Applications with Keycloak
Chapter 7: Integrating Applications with Keycloak
Technical requirements
Choosing an integration architecture
Choosing an integration option
Integrating with Golang applications
Integrating with Java applications
Integrating with JavaScript applications
Integrating with Node.js applications
Integrating with Python applications
Using a reverse proxy
Try not to implement your own integration
Summary
Questions
Further reading
10
Chapter 8: Authorization Strategies
Chapter 8: Authorization Strategies
Understanding authorization
Using RBAC
Using GBAC
Using OAuth2 scopes
Using ABAC
Using Keycloak as a centralized authorization server
Summary
Questions
Further reading
11
Section 3: Configuring and Managing Keycloak
Section 3: Configuring and Managing Keycloak
12
Chapter 9: Configuring Keycloak for Production
Chapter 9: Configuring Keycloak for Production
Technical requirements
Setting the hostname for Keycloak
Enabling TLS
Configuring a database
Enabling clustering
Configuring a reverse proxy
Testing your environment
Summary
Questions
Further reading
13
Chapter 10: Managing Users
Chapter 10: Managing Users
Technical requirements
Managing local users
Integrating with LDAP and Active Directory
Integrating with third-party identity providers
Integrating with social identity providers
Allowing users to manage their data
Summary
Questions
Further reading
14
Chapter 11: Authenticating Users
Chapter 11: Authenticating Users
Technical requirements
Understanding authentication flows
Using passwords
Using OTPs
Using Web Authentication (WebAuthn)
Using strong authentication
Summary
Questions
Further reading
15
Chapter 12: Managing Tokens and Sessions
Chapter 12: Managing Tokens and Sessions
Technical requirements
Managing sessions
Managing tokens
Summary
Questions
Further reading
16
Chapter 13: Extending Keycloak
Chapter 13: Extending Keycloak
Technical requirements
Understanding Service Provider Interfaces
Changing the look and feel
Customizing authentication flows
Looking at other customization points
Summary
Questions
Further reading
17
Section 4: Security Considerations
Section 4: Security Considerations
18
Chapter 14: Securing Keycloak and Applications
Chapter 14: Securing Keycloak and Applications
Securing Keycloak
Securing the database
Securing cluster communication
Securing user accounts
Securing applications
Summary
Questions
Further reading
19
Assessments
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Chapter 13
Chapter 14
Why subscribe?
20
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Leave a review - let other readers know what you think

What this book covers

Chapter 1, Getting Started with Keycloak, gives you a brief introduction to Keycloak and steps on how to get quickly up to speed by installing and running Keycloak yourself. It also provides an introduction to the Keycloak admin and account consoles.

Chapter 2, Securing Your First Application, explains how to secure your first application with Keycloak through a sample application consisting of a single-page application and a REST API.

Chapter 3, Brief Introduction to Standards, provides a brief introduction and comparison of the standards Keycloak supports to enable you to integrate your applications securely and easily with Keycloak.

Chapter 4, Authenticating Users with OpenID Connect, teaches how to authenticate users by leveraging the OpenID Connect standard. This chapter leverages a sample application that allows you to see and understand how an application authenticates to Keycloak through Open ID Connect.

Chapter 5, Authorizing Access with OAuth 2.0, teaches how to authorize access to REST APIs and other services by leveraging the OAuth 2.0 standard. Through a sample application, you will see firsthand how an application obtains an access token through OAuth 2.0, which the application uses to invoke a protected REST API.

Chapter 6, Securing Different Application Types, covers best practices on how to secure different types of applications, including web, mobile, and native applications, as well as REST APIs and other backend services.

Chapter 7, Integrating Applications with Keycloak, provides steps on how to integrate your applications with Keycloak, covering a range of different programming languages, including Go, Java, client-side JavaScript, Node.js, and Python. It also covers how you can utilize a reverse proxy to secure an application implemented in any programming language or framework.

Chapter 8, Authorization Strategies, covers how your application can use information about the user from Keycloak for access management, covering roles and groups, as well as custom information about users.

Chapter 9, Configuring Keycloak for Production, teaches how to configure Keycloak for production, including how to enable TLS, configuring a relational database, and enabling clustering for additional scale and availability.

Chapter 10, Managing Users, takes a closer look at the capabilities provided by Keycloak related to user management. It also explains how to federate users from external sources such as LDAP, social networks, and external identity providers.

Chapter 11, Authenticating Users, covers the various authentication capabilities provided by Keycloak, including how to enable second-factor authentication, as well as security keys.

Chapter 12, Managing Tokens and Sessions, helps understand how Keycloak leverages server-side sessions to keep track of authenticated users, as well as best practices on managing tokens issued to your applications.

Chapter 13, Extending Keycloak, explains how you can extend Keycloak, covering how you can modify the look and feel of user-facing pages such as the login pages and account console. It also provides a brief introduction to one of the more powerful capabilities of Keycloak that allows you to provide custom extensions for a large number of extension points.

Chapter 14, Securing Keycloak and Applications, provides best practices on how to secure Keycloak for production. It also provides a brief introduction to some best practices to follow when securing your own applications.

Previous Section
Next Section