book

Keycloak - Identity and Access Management for Modern Applications

Name: Keycloak - Identity and Access Management for Modern Applications
ISBN: 9781800562493

by Stian Thorgersen, Pedro Igor Silva

June 2021

Beginner to intermediate

362 pages

7h 52m

English

Packt Publishing

Read now

Unlock full access

Keycloak - Identity and Access Management for Modern Applications
ContributorsAbout the authorsAbout the reviewers
Preface
Who this book is forWhat this book coversTo get the most out of this bookDownload the example code filesCode in ActionDownload the color imagesConventions usedGet in touchReviews
Section 1: Getting Started with Keycloak
Chapter 1: Getting Started with Keycloak
Technical requirements Introducing KeycloakInstalling and running KeycloakRunning Keycloak on DockerInstalling and running Keycloak with OpenJDKDiscovering the Keycloak admin and account consolesGetting started with the Keycloak admin consoleGetting started with the Keycloak account consoleSummaryQuestions
Chapter 2: Securing Your First Application
Technical requirementsUnderstanding the sample applicationRunning the applicationUnderstanding how to log in to the applicationSecurely invoking the backend REST APISummaryQuestions
Section 2: Securing Applications with Keycloak
Chapter 3: Brief Introduction to Standards
Authorizing application access with OAuth 2.0Authenticating users with OpenID ConnectLeveraging JWT for tokensUnderstanding why SAML 2.0 is still relevantSummaryQuestions
Chapter 4: Authenticating Users with OpenID Connect
Technical requirementsRunning the OpenID Connect playgroundUnderstanding the Discovery endpointAuthenticating a userUnderstanding the ID tokenUpdating the user profileAdding a custom propertyAdding roles to the ID tokenInvoking the UserInfo endpointDealing with users logging outInitiating the logoutLeveraging ID and access token expirationLeveraging OIDC Session ManagementLeveraging OIDC Back-Channel LogoutA note on OIDC Front-Channel LogoutHow should you deal with logout?SummaryQuestionsFurther reading
Chapter 5: Authorizing Access with OAuth 2.0
Technical requirementsRunning the OAuth 2.0 playgroundObtaining an access tokenRequiring user consentLimiting the access granted to access tokensUsing the audience to limit token accessUsing roles to limit token accessUsing the scope to limit token accessValidating access tokensSummaryQuestionsFurther reading
Chapter 6: Securing Different Application Types
Technical requirementsUnderstanding internal and external applicationsSecuring web applicationsSecuring server-side web applicationsSecuring a SPA with a dedicated REST APISecuring a SPA with an intermediary REST APISecuring a SPA with an external REST APISecuring native and mobile applicationsSecuring REST APIs and servicesSummaryQuestionsFurther reading

Chapter 7: Integrating Applications with Keycloak
Technical requirements Choosing an integration architectureChoosing an integration optionIntegrating with Golang applicationsConfiguring a Golang clientIntegrating with Java applicationsUsing QuarkusUsing Spring BootUsing Keycloak adaptersIntegrating with JavaScript applicationsIntegrating with Node.js applicationsCreating a Node.js resource serverIntegrating with Python applicationsCreating a Python clientCreating a Python resource serverUsing a reverse proxyTry not to implement your own integrationSummaryQuestionsFurther reading
Chapter 8: Authorization Strategies
Understanding authorizationUsing RBACUsing GBACMapping group membership into tokensUsing OAuth2 scopesUsing ABACUsing Keycloak as a centralized authorization serverSummaryQuestionsFurther reading
Section 3: Configuring and Managing Keycloak
Chapter 9: Configuring Keycloak for Production
Technical requirementsSetting the hostname for KeycloakSetting the frontend URLSetting the backend URLSetting the admin URLEnabling TLSConfiguring a databaseEnabling clusteringConfiguring a reverse proxyDistributing the load across nodesForwarding client informationKeeping session affinityTesting your environmentTesting load balancing and failoverTesting the frontend and backchannel URLsSummaryQuestionsFurther reading
Chapter 10: Managing Users
Technical requirementsManaging local usersCreating a local userManaging user credentialsObtaining and validating user informationEnabling self-registrationManaging user attributesIntegrating with LDAP and Active DirectoryUnderstanding LDAP mappersSynchronizing groupsSynchronizing rolesIntegrating with third-party identity providersCreating a OpenID Connect identity providerIntegrating with social identity providersAllowing users to manage their dataSummaryQuestionsFurther reading
Chapter 11: Authenticating Users
Technical requirementsUnderstanding authentication flowsConfiguring an authentication flowUsing passwordsChanging password policiesResetting user passwordsUsing OTPsChanging OTP policiesAllowing users to choose whether they want to use OTPForcing users to authenticate using OTPUsing Web Authentication (WebAuthn)Enabling WebAuthn for an authentication flowRegistering a security device and authenticatingUsing strong authenticationSummaryQuestionsFurther reading
Chapter 12: Managing Tokens and Sessions
Technical requirementsManaging sessionsManaging session lifetimesManaging active sessionsExpiring user sessions prematurelyUnderstanding cookies and their relation to sessionsManaging tokensManaging ID tokens' and access tokens' lifetimesManaging refresh tokens' lifetimesEnabling refreshing token rotationRevoking tokensSummaryQuestionsFurther reading
Chapter 13: Extending Keycloak
Technical requirementsUnderstanding Service Provider InterfacesPackaging a custom providerInstalling a custom providerUnderstanding the KeycloakSessionFactory and KeycloakSession componentsUnderstanding the life cycle of a providerConfiguring providersChanging the look and feelUnderstanding themesCreating and deploying a new themeExtending templatesExtending theme-related SPIsCustomizing authentication flowsLooking at other customization pointsSummaryQuestionsFurther reading
Section 4: Security Considerations
Chapter 14: Securing Keycloak and Applications
Securing KeycloakEncrypting communication to KeycloakConfiguring the Keycloak hostnameRotating the signing keys used by KeycloakRegularly updating KeycloakLoading secrets into Keycloak from an external vaultProtecting Keycloak with a firewall and an intrusion prevention systemSecuring the databaseProtecting the database with a firewallEnabling authentication and access control for the databaseEncrypting the databaseSecuring cluster communicationEnabling cluster authenticationEncrypting cluster communicationSecuring user accountsSecuring applicationsWeb application securityOAuth 2.0 and OpenID Connect best practiceKeycloak client configurationsSummaryQuestionsFurther reading
Assessments
Chapter 1Chapter 2Chapter 3Chapter 4Chapter 5Chapter 6Chapter 7Chapter 8Chapter 9Chapter 10Chapter 11Chapter 12Chapter 13Chapter 14
Why subscribe?
Other Books You May EnjoyPackt is searching for authors like youLeave a review - let other readers know what you think

Content preview from Keycloak - Identity and Access Management for Modern Applications

Chapter 5: Authorizing Access with OAuth 2.0

In this chapter, you will get a deeper understanding of how Keycloak enables you to authorize access to REST APIs and other services by leveraging the OAuth 2.0 standard. Through using a sample application that was written for this book, you will see first hand the interaction between an application and Keycloak to retrieve an access token that can be used to securely invoke a service.

We will start by getting the playground application up and running, before using the playground application to obtain a token from Keycloak that can be used to securely invoke a REST API. Then, we'll build on this knowledge to look at obtaining consent from a user before granting access to the application, as well as ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Keycloak - Identity and Access Management for Modern Applications - Second Edition

Publisher Resources

ISBN: 9781800562493

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Keycloak - Identity and Access Management for Modern Applications

by Stian Thorgersen, Pedro Igor Silva

Chapter 5: Authorizing Access with OAuth 2.0

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.