Keycloak - Identity and Access Management for Modern Applications - Second Edition

By : Stian Thorgersen, Pedro Igor Silva

4.8 (5)

Buy this Book

Keycloak - Identity and Access Management for Modern Applications - Second Edition

4.8 (5)

By: Stian Thorgersen, Pedro Igor Silva

Buy this Book

Overview of this book

The second edition of Keycloak - Identity and Access Management for Modern Applications is an updated, comprehensive introduction to Keycloak and its updates. In this new edition, you will learn how to use the latest distribution of Keycloak. The recent versions of Keycloak are now based on Quarkus, which brings a new and improved user experience and a new admin console with a higher focus on usability. You will see how to leverage Spring Security, instead of the Keycloak Spring adapter while using Keycloak 22. As you progress, you’ll understand the new Keycloak distribution and explore best practices in using OAuth. Finally, you'll cover general best practices and other information on how to protect your applications. By the end of this new edition, you’ll have learned how to install and manage the latest version of Keycloak to secure new and existing applications using the latest features.

Preface

Who this book is for

What this book covers

To get the most out of this book

Getting Started with Keycloak

Technical requirements

Introducing Keycloak

Installing and running Keycloak

Discovering the Keycloak admin and account consoles

Summary

Questions

Free Chapter

Securing Your First Application

Technical requirements

Understanding the sample application

Running the application

Understanding how to log in to the application

Securely invoking the backend REST API

Summary

Questions

Brief Introduction to Standards

Authorizing application access with OAuth 2.0

Authenticating users with OpenID Connect

Leveraging JWT for tokens

Understanding why SAML 2.0 is still relevant

Summary

Questions

Authenticating Users with OpenID Connect

Technical requirements

Running the OpenID Connect playground

Understanding the Discovery endpoint

Authenticating a user

Understanding the ID token

Invoking the UserInfo endpoint

Dealing with users logging out

Summary

Questions

Further reading

Authorizing Access with OAuth 2.0

Technical requirements

Running the OAuth 2.0 playground

Obtaining an access token

Requiring user consent

Limiting the access granted to access tokens

Validating access tokens

Summary

Questions

Further reading

Securing Different Application Types

Technical requirements

Understanding internal and external applications

Securing web applications

Securing native and mobile applications

Securing REST APIs and services

Summary

Questions

Further reading

Integrating Applications with Keycloak

Technical requirements

Choosing an integration architecture

Choosing an integration option

Integrating with Golang applications

Integrating with Java applications

Integrating with JavaScript applications

Integrating with Node.js applications

Using a reverse proxy

Try not to implement your own integration

Summary

Questions

Further reading

Authorization Strategies

Understanding authorization

Using Keycloak as a centralized authorization server

Summary

Questions

Further reading

Configuring Keycloak for Production

Technical requirements

Setting the hostname for Keycloak

Enabling TLS

Configuring a database

Enabling clustering

Configuring a reverse proxy

Testing your environment

Summary

Questions

Further reading

Managing Users

Technical requirements

Managing local users

Integrating with LDAP and Active Directory

Integrating with third-party identity providers

Integrating with social identity providers

Allowing users to manage their data

Summary

Questions

Further reading

Authenticating Users

Technical requirements

Understanding authentication flows

Using passwords

Using OTPs

Using Web Authentication (WebAuthn)

Using strong authentication

Summary

Questions

Further reading

Managing Tokens and Sessions

Technical requirements

Summary

Extending Keycloak

Technical requirements

Understanding service provider interfaces

Changing the look and feel

Customizing authentication flows

Looking at other customization points

Summary

Questions

Further reading

Securing Keycloak and Applications

Securing Keycloak

Securing cluster communication

Securing user accounts

Securing applications

Summary

Assessments

Other Books You May Enjoy

Index

Customer Reviews

4.8 (5)

5 star

80%

4 star

20%

3 star

2 star

1 star

Understanding the ID token

In the previous section, you received a token response, including an ID token from Keycloak, but we didn’t take a good look at what’s inside the ID token.

The ID token is by default a signed JSON Web Token (JWT), which follows this format:

<Header>.<Payload>.<Signature>

The header and the payload are Base64 URL-encoded JSON documents.

If you take a look at the Token Response in the playground application, you can see the ID token in its encoded format. An example of the encoded ID token is also shown in the following screenshot from the playground application:

Figure 4.7: Encoded ID token

Under the ID Token section, you will see the decoded token broken into three parts. The header tells you what algorithm is used, the type of the payload, and the key ID of the key that was used to sign the token.

An example of a decoded ID Token is shown in the following screenshot from the playground application...

Keycloak - Identity and Access Management for Modern Applications - Second Edition

By : Stian Thorgersen, Pedro Igor Silva

Keycloak - Identity and Access Management for Modern Applications - Second Edition

By: Stian Thorgersen, Pedro Igor Silva

Overview of this book

Related Content you might be interested in

Current Title:

Keycloak - Identity and Access Management for Modern Applications - Second Edition

Cloud Identity Patterns and Strategies

Azure Active Directory for Secure Application Development

Implementing Multifactor Authentication

Understanding the ID token