Book Image

Keycloak - Identity and Access Management for Modern Applications - Second Edition

By : Stian Thorgersen, Pedro Igor Silva
4.8 (5)
Book Image

Keycloak - Identity and Access Management for Modern Applications - Second Edition

4.8 (5)
By: Stian Thorgersen, Pedro Igor Silva

Overview of this book

The second edition of Keycloak - Identity and Access Management for Modern Applications is an updated, comprehensive introduction to Keycloak and its updates. In this new edition, you will learn how to use the latest distribution of Keycloak. The recent versions of Keycloak are now based on Quarkus, which brings a new and improved user experience and a new admin console with a higher focus on usability. You will see how to leverage Spring Security, instead of the Keycloak Spring adapter while using Keycloak 22. As you progress, you’ll understand the new Keycloak distribution and explore best practices in using OAuth. Finally, you'll cover general best practices and other information on how to protect your applications. By the end of this new edition, you’ll have learned how to install and manage the latest version of Keycloak to secure new and existing applications using the latest features.
Table of Contents (18 chapters)
16
Other Books You May Enjoy
17
Index

Securing user accounts

With regard to securing user accounts, you will want to protect against an attacker gaining access to the user account and also protect information about the user, including their password.

Preventing an attacker from accessing a user account is mostly about enabling strong authentication, and not just accepting a password as the means of authentication. If your users are relying on passwords, even in combination with a second factor, it is important that passwords are protected.

Passwords are protected by leveraging a strong password hashing algorithm, having a good password policy, and enabling brute-force protection for passwords. It is also important to educate users in terms of what is a strong password and that they should not reuse passwords with other services.

To configure a password policy, open the Keycloak administration console and select the realm you want to configure. Then, click on Authentication, then Policies, and select the Password...