book

Keycloak - Identity and Access Management for Modern Applications

Name: Keycloak - Identity and Access Management for Modern Applications
ISBN: 9781800562493

by Stian Thorgersen, Pedro Igor Silva

June 2021

Beginner to intermediate

362 pages

7h 52m

English

Packt Publishing

Read now

Unlock full access

Keycloak - Identity and Access Management for Modern Applications
ContributorsAbout the authorsAbout the reviewers
Preface
Who this book is forWhat this book coversTo get the most out of this bookDownload the example code filesCode in ActionDownload the color imagesConventions usedGet in touchReviews
Section 1: Getting Started with Keycloak
Chapter 1: Getting Started with Keycloak
Technical requirements Introducing KeycloakInstalling and running KeycloakRunning Keycloak on DockerInstalling and running Keycloak with OpenJDKDiscovering the Keycloak admin and account consolesGetting started with the Keycloak admin consoleGetting started with the Keycloak account consoleSummaryQuestions
Chapter 2: Securing Your First Application
Technical requirementsUnderstanding the sample applicationRunning the applicationUnderstanding how to log in to the applicationSecurely invoking the backend REST APISummaryQuestions
Section 2: Securing Applications with Keycloak
Chapter 3: Brief Introduction to Standards
Authorizing application access with OAuth 2.0Authenticating users with OpenID ConnectLeveraging JWT for tokensUnderstanding why SAML 2.0 is still relevantSummaryQuestions
Chapter 4: Authenticating Users with OpenID Connect
Technical requirementsRunning the OpenID Connect playgroundUnderstanding the Discovery endpointAuthenticating a userUnderstanding the ID tokenUpdating the user profileAdding a custom propertyAdding roles to the ID tokenInvoking the UserInfo endpointDealing with users logging outInitiating the logoutLeveraging ID and access token expirationLeveraging OIDC Session ManagementLeveraging OIDC Back-Channel LogoutA note on OIDC Front-Channel LogoutHow should you deal with logout?SummaryQuestionsFurther reading
Chapter 5: Authorizing Access with OAuth 2.0
Technical requirementsRunning the OAuth 2.0 playgroundObtaining an access tokenRequiring user consentLimiting the access granted to access tokensUsing the audience to limit token accessUsing roles to limit token accessUsing the scope to limit token accessValidating access tokensSummaryQuestionsFurther reading
Chapter 6: Securing Different Application Types
Technical requirementsUnderstanding internal and external applicationsSecuring web applicationsSecuring server-side web applicationsSecuring a SPA with a dedicated REST APISecuring a SPA with an intermediary REST APISecuring a SPA with an external REST APISecuring native and mobile applicationsSecuring REST APIs and servicesSummaryQuestionsFurther reading

Chapter 7: Integrating Applications with Keycloak
Technical requirements Choosing an integration architectureChoosing an integration optionIntegrating with Golang applicationsConfiguring a Golang clientIntegrating with Java applicationsUsing QuarkusUsing Spring BootUsing Keycloak adaptersIntegrating with JavaScript applicationsIntegrating with Node.js applicationsCreating a Node.js resource serverIntegrating with Python applicationsCreating a Python clientCreating a Python resource serverUsing a reverse proxyTry not to implement your own integrationSummaryQuestionsFurther reading
Chapter 8: Authorization Strategies
Understanding authorizationUsing RBACUsing GBACMapping group membership into tokensUsing OAuth2 scopesUsing ABACUsing Keycloak as a centralized authorization serverSummaryQuestionsFurther reading
Section 3: Configuring and Managing Keycloak
Chapter 9: Configuring Keycloak for Production
Technical requirementsSetting the hostname for KeycloakSetting the frontend URLSetting the backend URLSetting the admin URLEnabling TLSConfiguring a databaseEnabling clusteringConfiguring a reverse proxyDistributing the load across nodesForwarding client informationKeeping session affinityTesting your environmentTesting load balancing and failoverTesting the frontend and backchannel URLsSummaryQuestionsFurther reading
Chapter 10: Managing Users
Technical requirementsManaging local usersCreating a local userManaging user credentialsObtaining and validating user informationEnabling self-registrationManaging user attributesIntegrating with LDAP and Active DirectoryUnderstanding LDAP mappersSynchronizing groupsSynchronizing rolesIntegrating with third-party identity providersCreating a OpenID Connect identity providerIntegrating with social identity providersAllowing users to manage their dataSummaryQuestionsFurther reading
Chapter 11: Authenticating Users
Technical requirementsUnderstanding authentication flowsConfiguring an authentication flowUsing passwordsChanging password policiesResetting user passwordsUsing OTPsChanging OTP policiesAllowing users to choose whether they want to use OTPForcing users to authenticate using OTPUsing Web Authentication (WebAuthn)Enabling WebAuthn for an authentication flowRegistering a security device and authenticatingUsing strong authenticationSummaryQuestionsFurther reading
Chapter 12: Managing Tokens and Sessions
Technical requirementsManaging sessionsManaging session lifetimesManaging active sessionsExpiring user sessions prematurelyUnderstanding cookies and their relation to sessionsManaging tokensManaging ID tokens' and access tokens' lifetimesManaging refresh tokens' lifetimesEnabling refreshing token rotationRevoking tokensSummaryQuestionsFurther reading
Chapter 13: Extending Keycloak
Technical requirementsUnderstanding Service Provider InterfacesPackaging a custom providerInstalling a custom providerUnderstanding the KeycloakSessionFactory and KeycloakSession componentsUnderstanding the life cycle of a providerConfiguring providersChanging the look and feelUnderstanding themesCreating and deploying a new themeExtending templatesExtending theme-related SPIsCustomizing authentication flowsLooking at other customization pointsSummaryQuestionsFurther reading
Section 4: Security Considerations
Chapter 14: Securing Keycloak and Applications
Securing KeycloakEncrypting communication to KeycloakConfiguring the Keycloak hostnameRotating the signing keys used by KeycloakRegularly updating KeycloakLoading secrets into Keycloak from an external vaultProtecting Keycloak with a firewall and an intrusion prevention systemSecuring the databaseProtecting the database with a firewallEnabling authentication and access control for the databaseEncrypting the databaseSecuring cluster communicationEnabling cluster authenticationEncrypting cluster communicationSecuring user accountsSecuring applicationsWeb application securityOAuth 2.0 and OpenID Connect best practiceKeycloak client configurationsSummaryQuestionsFurther reading
Assessments
Chapter 1Chapter 2Chapter 3Chapter 4Chapter 5Chapter 6Chapter 7Chapter 8Chapter 9Chapter 10Chapter 11Chapter 12Chapter 13Chapter 14
Why subscribe?
Other Books You May EnjoyPackt is searching for authors like youLeave a review - let other readers know what you think

Overview

This book, "Keycloak - Identity and Access Management for Modern Applications", serves as your comprehensive guide to mastering Keycloak. You'll learn how to secure applications through effective authentication and authorization strategies using Keycloak, OpenID Connect, and OAuth 2.0. Featuring practical examples and detailed explanations, this resource is ideal for anyone looking to enhance application security.

What this Book will help me do

Understand the fundamentals of Keycloak, including installation, configuration, and management.
Configure and manage Keycloak to secure various types of applications effectively.
Gain practical experience with OAuth 2.0 and OpenID Connect for implementing secure authentication and authorization.
Learn how to prepare and optimize Keycloak for production environments with advanced extensions.
Secure your applications and servers by utilizing Keycloak's robust authentication and authorization strategies.

Author(s)

Stian Thorgersen and Pedro Igor Silva are experienced professionals in the field of identity and access management, and they bring their rich expertise to this book. Stian is one of the core contributors to Keycloak and has been integral in its development. Pedro has extensive practical knowledge in applying security protocols in robust applications. Together, they provide you with an insightful and practical resource to get the most out of Keycloak.

Who is it for?

This book is perfect for developers, system administrators, and security engineers who are looking to secure their applications using modern techniques and tools. If you're familiar with basic concepts of application development and have a foundational understanding of authentication and authorization, you'll find this book particularly beneficial for furthering your skills and goals in security management.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Keycloak - Identity and Access Management for Modern Applications - Second Edition

Publisher Resources

ISBN: 9781800562493

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills