Wednesday, December 14, 2022

Keycloak Open Source Identity and Access Management

Keycloak is Open Source Identity and Access Management. It adds authentication to applications and secures services with minimum effort.

No need to deal with storing users or authenticating users. Keycloak provides Single-Sign On, Identity Brokering and Social Login, user federation, an Admin Console, an Account Management Console for user management, strong authentication using standard protocols like OpenID Connect, OAuth 2.0 and SAML, fine-grained Authorization Services, and more.

In short, Keycloak provides:

Single-Sign On:- Login once to multiple applications
Standard Protocols:- OpenID Connect, OAuth 2.0 and SAML 2.0
Centralized Management:- For admins and users
Adapters:- Secure applications and services easily
LDAP and Active Directory:- Connect to existing user directories
Social Login:- Easily enable social login
Identity Brokering:- OpenID Connect or SAML 2.0 IdPs
High Performance:- Lightweight, fast and scalable
Clustering:- For scalability and availability
Themes:- Customize look and feel
Extensible:- Customize through code
Password Policies:- Customize password policies

In this playlist/sequence of Keycloak blogs we will try to understand Keycloak and its uses through the points below

1- Installation of Keycloak
2- Starting and stopping of standalone Keycloak
3- Various tabs and options of Keycloak
4- Integration of Keycloak with a Spring Boot application and HTML or JavaScript UI applications as identity broker.
5- Keycloak with Twitter/Facebook/LinkedIn etc. OAuth integrations.
6- Integration of Keycloak as an external IdP
7- Connector in Keycloak to connect a MySQL DB for user federation.
8- Keycloak client adapters, i.e. Spring, Spring Security
9- Tomcat adapter, i.e. how to secure your application that is running on your Tomcat.
10- Keycloak with Angular and React.
11- Keycloak with Node.js

So let's start with
1- Installation of Keycloak
2- Starting and stopping of standalone Keycloak
3- Various tabs and options of Keycloak

1- Installation of Keycloak

Keycloak can be downloaded from the URL below depending on your O/S:

https://www.keycloak.org/downloads

As we are using Windows, we installed the zip distribution.

2- Starting and stopping of standalone Keycloak

Now let's see how we can start and stop the Keycloak server.
First, let's see what options are available from the Keycloak command prompt.

Note:- As we are going to use this command frequently, I have added it to my PATH so that I can execute it directly from any folder on the command prompt.

C:\Users\Siddhartha>kc --help
Keycloak - Open Source Identity and Access Management
Find more information at: https://www.keycloak.org/docs/latest
 
Usage:
 
kc.bat [OPTIONS] [COMMAND]
 
Use this command-line tool to manage your Keycloak cluster.
Make sure the command is available on your "PATH" or prefix it with "./" (e.g.:
"./kc.bat") to execute from the current folder.
 
Options:
 
-cf, --config-file <file>
                     Set the path to a configuration file. By default, configuration properties are
                       read from the "keycloak.conf" file in the "conf" directory.
-h, --help           This help message.
-v, --verbose        Print out error details when running this command.
-V, --version        Show version information
 
Commands:
 
  build                   Creates a new and optimized server image.
  start                   Start the server.
  start-dev               Start the server in development mode.
  export                  Export data from realms to a file or directory.
  import                  Import data from a directory or a file.
  show-config             Print out the current configuration.
  tools                   Utilities for use and interaction with the server.
    completion            Generate bash/zsh completion script for kc.bat.
 
...

Now let's try to start our server in dev mode using the command below

C:\Users\Siddhartha>kc start-dev
Updating the configuration and installing your custom providers, if any. Please wait.
2022-12-15 11:53:14,293 INFO  [io.quarkus.deployment.QuarkusAugmentor] (main) Quarkus augmentation completed in 18943ms
....
2022-12-15 11:53:44,352 INFO  [io.quarkus] (main) Keycloak 20.0.2 on JVM (powered by Quarkus 2.13.3.Final) started in 29.440s. Listening on: http://0.0.0.0:8080
2022-12-15 11:53:44,353 INFO  [io.quarkus] (main) Profile dev activated.
2022-12-15 11:53:44,354 INFO  [io.quarkus] (main) Installed features: [agroal, cdi, hibernate-orm, jdbc-h2, jdbc-mariadb, jdbc-mssql, jdbc-mysql, jdbc-oracle, jdbc-postgresql, keycloak, logging-gelf, narayana-jta, reactive-routes, resteasy, resteasy-jackson, smallrye-context-propagation, smallrye-health, smallrye-metrics, vault, vertx]
2022-12-15 11:53:44,362 WARN  [org.keycloak.quarkus.runtime.KeycloakMain] (main) Running the server in development mode. DO NOT use this configuration in production.

Now hit this URL http://localhost:8080/ and you will be able to see that your local standalone server has started.
As this is a fresh installation it will ask you to create a user for the Administration Console; let's create one.

Now let's try to understand the left menu in the Keycloak admin console, which is used to manage the following

1- Clients and Client scopes:- Client roles are namespaces dedicated to clients. Each client gets its own namespace, and Role Scope Mappings limit the roles declared inside an access token. When a client requests a user authentication, the access token it receives contains only the role mappings that are explicitly specified for the client's scope. For more info refer to

https://www.keycloak.org/docs/latest/server_admin/index.html#con-client-roles_server_administration_guide
https://www.keycloak.org/docs/latest/server_admin/index.html#_role_scope_mappings

2- Realm roles and Groups:- These are used for users' access and permissions to use applications. A role typically applies to one type of user. For example, an organization may include admin, user, manager, and employee roles. Groups are a collection of users to which you apply roles and attributes. Roles define specific application permissions and access control. For more information refer to
https://www.keycloak.org/docs/latest/server_admin/index.html#assigning-permissions-using-roles-and-groups
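To make the client-role and realm-role split concrete, here is an added example (not code from the post) that inspects the claims Keycloak places in an access token: realm roles live under "realm_access.roles" and client roles under "resource_access.<client-id>.roles", so a token issued to one client does not carry another client's roles unless the scope mapping allows it. The token payload, client ids and role names are constructed for the example. The helper decodes without checking the signature, which is fine for inspection but not for authorization; a resource server must verify the signature against the realm's keys before trusting any role claim.

```python
import base64
import json

# Constructed sample payload of a Keycloak access token (not a real token).
# The client "my-app" only sees the roles within its own scope.
SAMPLE_PAYLOAD = {
    "iss": "http://localhost:8080/realms/demo",
    "aud": "account",
    "azp": "my-app",
    "preferred_username": "alice",
    "realm_access": {"roles": ["employee", "default-roles-demo"]},
    "resource_access": {
        "my-app": {"roles": ["viewer", "editor"]},
        "account": {"roles": ["manage-account"]},
    },
}


def _b64url(data: bytes) -> str:
    # JWT uses unpadded base64url.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_token(payload: dict) -> str:
    # Build a JWT-shaped string with an empty signature, for offline inspection only.
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(payload).encode())
    return f"{header}.{body}."


def decode_payload(token: str) -> dict:
    # Decode the payload WITHOUT verifying the signature. Never make an
    # authorization decision on a payload decoded this way; verify the
    # signature with the realm's public keys first.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    body = parts[1] + "=" * (-len(parts[1]) % 4)  # restore padding
    return json.loads(base64.urlsafe_b64decode(body))


def realm_roles(payload: dict) -> set:
    # Realm-level roles apply across all clients in the realm.
    return set(payload.get("realm_access", {}).get("roles", []))


def client_roles(payload: dict, client_id: str) -> set:
    # Client roles are namespaced per client id; absent client -> no roles.
    return set(payload.get("resource_access", {}).get(client_id, {}).get("roles", []))


def has_client_role(payload: dict, client_id: str, role: str) -> bool:
    return role in client_roles(payload, client_id)


if __name__ == "__main__":
    token = make_unsigned_token(SAMPLE_PAYLOAD)
    claims = decode_payload(token)
    print("realm roles:", sorted(realm_roles(claims)))
    print("my-app roles:", sorted(client_roles(claims, "my-app")))
    print("other-app roles:", sorted(client_roles(claims, "other-app")))
```

Note that "other-app" yields an empty set: the role check fails closed for any client whose roles were not mapped into the token's scope.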

3- Users:- Used to manage the users that are going to interact with the Keycloak server. With this option you can perform a wide range of actions to manage users, i.e. creating users, defining user credentials, setting a password for a user, creating an OTP, configuring user attributes, allowing users to self-register, etc. For more refer to
https://www.keycloak.org/docs/latest/server_admin/index.html#assembly-managing-users_server_administration_guide
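The same user-management actions the console offers can be scripted against the Keycloak Admin REST API. The following is an added example (not from the post) that obtains an admin token from the master realm with the built-in admin-cli client and creates a user with a temporary password that must be changed at first login. The server URL, realm name, admin credentials and the new user's details are assumed values; the admin password is a placeholder to replace.

```python
import json
import urllib.parse
import urllib.request

# Assumed values (not from the post); the admin password is a placeholder.
KEYCLOAK_URL = "http://localhost:8080"
ADMIN_USER = "admin"
ADMIN_PASSWORD = "CHANGE-ME"
TARGET_REALM = "demo"


def token_url(base: str, realm: str = "master") -> str:
    # Token endpoint of the realm holding the admin account.
    # Quarkus-based Keycloak (17+) serves realms without the old /auth prefix.
    return f"{base}/realms/{realm}/protocol/openid-connect/token"


def users_url(base: str, realm: str) -> str:
    # Admin REST collection for users of the managed realm.
    return f"{base}/admin/realms/{realm}/users"


def user_payload(username: str, email: str, temp_password: str) -> dict:
    # User representation: "temporary": True plus the UPDATE_PASSWORD required
    # action forces the user to pick their own password on first login.
    return {
        "username": username,
        "email": email,
        "enabled": True,
        "emailVerified": False,
        "credentials": [
            {"type": "password", "value": temp_password, "temporary": True}
        ],
        "requiredActions": ["UPDATE_PASSWORD"],
    }


def get_admin_token(base: str, username: str, password: str) -> str:
    # Resource Owner Password grant against admin-cli, as the kcadm tool does.
    form = urllib.parse.urlencode({
        "client_id": "admin-cli",
        "grant_type": "password",
        "username": username,
        "password": password,
    }).encode()
    req = urllib.request.Request(token_url(base), data=form, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["access_token"]


def create_user(base: str, realm: str, token: str, payload: dict) -> str:
    # POST the representation; Keycloak answers 201 with the new user's URL
    # in the Location header (409 if the username already exists).
    req = urllib.request.Request(
        users_url(base, realm),
        data=json.dumps(payload).encode(),
        method="POST",
        headers={
            "Authorization": f"Bearer {token}",
            "Content-Type": "application/json",
        },
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.headers["Location"]


if __name__ == "__main__":
    admin_token = get_admin_token(KEYCLOAK_URL, ADMIN_USER, ADMIN_PASSWORD)
    location = create_user(
        KEYCLOAK_URL,
        TARGET_REALM,
        admin_token,
        user_payload("alice", "alice@example.com", "Temp-Pass-1"),
    )
    print("created:", location)
```

The script talks plain HTTP to localhost because that is what the dev-mode server in this post listens on; outside a sandbox the admin token and the temporary password should only ever travel over HTTPS.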

4- Sessions and Events:- When users log into realms, Keycloak maintains a user session for each user and remembers each client visited by the user within the session.
For more info refer to https://www.keycloak.org/docs/latest/server_admin/index.html#managing-user-sessions

5- Configure:- This tab helps in configuring items from the admin section for users and clients, i.e.

Enforcing strict password and One Time Password (OTP) policies.

Managing different credential types.

Logging in with Kerberos.

Disabling and enabling built-in credential types.

For more info refer to
https://www.keycloak.org/docs/latest/server_admin/index.html#configuring-authentication_server_administration_guide

6- Realm settings:-
with this option we can configure realms. A realm is a space where you manage objects, including users, applications, roles, and groups. A user belongs to and logs into a realm. One Keycloak deployment can define, store, and manage as many realms as there is space for in the database.

For more info refer to
https://www.keycloak.org/docs/latest/server_admin/index.html#configuring-realms

7- Authentication
This section helps with the following items

Enforcing strict password and One Time Password (OTP) policies.

Managing different credential types.

Logging in with Kerberos.

Disabling and enabling built-in credential types.

For more info refer to
https://www.keycloak.org/docs/latest/server_admin/index.html#configuring-authentication_server_administration_guide

8- Identity providers
An Identity Broker is an intermediary service connecting service providers with identity providers. The identity broker creates a relationship with an external identity provider to use the provider’s identities to access the internal services the service provider exposes.

For more info refer to
https://www.keycloak.org/docs/latest/server_admin/index.html#_identity_broker

9- User federation
This is used for integrating external user storage.

For more info refer to

https://www.keycloak.org/docs/latest/server_admin/index.html#adding-a-provider
