
Keycloak - Identity and Access Management for Modern Applications PDF

362 Pages·2021·5.325 MB·English

Preview Keycloak - Identity and Access Management for Modern Applications

Keycloak - Identity and Access Management for Modern Applications
Harness the power of Keycloak, OpenID Connect, and OAuth 2.0 protocols to secure applications
Stian Thorgersen | Pedro Igor Silva

Implementing authentication and authorization for applications can be a daunting experience, often leaving them exposed to security vulnerabilities. Keycloak is an open-source solution for identity management and access management for modern applications.

Keycloak - Identity and Access Management for Modern Applications is a comprehensive introduction to Keycloak, helping you get started with using it and securing your applications. Complete with hands-on tutorials, best practices, and self-assessment questions, this easy-to-follow guide will show you how to secure a sample application and then move on to securing different application types. As you progress, you will understand how to configure and manage Keycloak as well as how to leverage some of its more advanced capabilities. Finally, you'll gain insights into securely using Keycloak in production. By the end of this book, you will have learned how to install and manage Keycloak as well as how to secure new and existing applications.
Things you will learn:
• Understand how to install, configure, and manage Keycloak
• Secure your new and existing applications with Keycloak
• Gain a basic understanding of OAuth 2.0 and OpenID Connect
• Understand how to configure Keycloak to make it ready for production use
• Discover how to leverage additional features and how to customize Keycloak to fit your needs
• Get to grips with securing Keycloak servers and protecting applications

Keycloak - Identity and Access Management for Modern Applications
Harness the power of Keycloak, OpenID Connect, and OAuth 2.0 protocols to secure applications
Stian Thorgersen
Pedro Igor Silva
BIRMINGHAM—MUMBAI

Copyright © 2021 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Group Product Manager: Wilson D'souza
Publishing Product Manager: Yogesh Deokar
Senior Editor: Shazeen Iqbal
Content Development Editor: Romy Dias
Technical Editor: Sarvesh Jayant
Copy Editor: Safis Editing
Project Coordinator: Shagun Saini
Proofreader: Safis Editing
Indexer: Pratik Shirodkar
Production Designer: Aparna Bhagat

First published: May 2021
Production reference: 1120521

Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.

ISBN 978-1-80056-249-3
www.packt.com

To those that are fighting against COVID-19. Specifically, to Jadiel Filho, whose memory will be forever with us.
– Pedro Igor Silva

Contributors

About the authors

Stian Thorgersen started his career at Arjuna Technologies building a cloud federation platform, years before most companies were even ready for a single-vendor public cloud. He later joined Red Hat, looking for ways to make developers' lives easier, which is where the idea of Keycloak started. In 2013, Stian co-founded the Keycloak project with another developer at Red Hat. Today, Stian is the Keycloak project lead and is also the top contributor to the project. He is still employed by Red Hat as a senior principal software engineer focusing on identity and access management, both for Red Hat and for Red Hat's customers. In his spare time, there is nothing Stian likes more than throwing his bike down the mountains of Norway.

Pedro Igor Silva is a proud dad of amazing girls. He started his career back in 2000 at an ISP, where he had his first experiences with open source projects such as FreeBSD and Linux, as well as a Java and J2EE software engineer. Since then, he has worked in different IT companies as a system engineer, system architect, and consultant. Today, Pedro Igor is a principal software engineer at Red Hat and one of the core developers of Keycloak. His main area of interest and study is now IT security, specifically in the application security and identity and access management spaces.
In his non-working hours, he takes care of his planted aquariums.

I want to thank my wonderful family for giving me the space and support I've needed to write this book. The whole Packt editing team has helped this first-time author immensely, but I'd like to give a special thanks to Romy Dias, who edited most of my work.

About the reviewers

Hynek Mlnarik has over 20 years of experience in IT. Theoretical aspects of computer science were so attractive to him that to his own surprise, he eventually found himself holding a PhD in computer science. Yet as he likes the synergy of theory and practice, he has simultaneously worked on the architecture, development, quality engineering, and management of various IT systems, ranging from wholesale support and banking to virtualization and security. In the last few years, his main interest has been in Keycloak, which he has contributed a few lines of code to here and there, and now he reviews the lines contributed by others.

Siddhartha De holds an MS degree in systems engineering from BITS Pilani and holds around 10 years of experience in IT industries, which includes technical support, consultation, and infrastructure design. He is currently employed at Red Hat Inc. (India).

Łukasz Budnik holds a PhD in information systems and is an inside-outside technologist with over 20 years of experience designing and implementing IT solutions. He has worked on projects such as real-estate portals, car/home insurance, voice and video solutions, mobile banking, and medical systems. For the past 9 years, he has worked as a cloud architect on platforms such as AWS, Azure, Heroku, and Rackspace. Łukasz is an expert in cloud-native applications. He has been responsible for implementing rigorous security, governance, and compliance programs in the cloud. Łukasz is a happy husband and a father to three energetic boys. He is a huge fan of the cloud and doesn't mind the rain (at all)! Łukasz goes by the handle @lukaszbudnik on GitHub and Twitter.

Table of Contents

Preface

Section 1: Getting Started with Keycloak

1 Getting Started with Keycloak
    Technical requirements 4
    Introducing Keycloak 4
    Installing and running Keycloak 5
        Running Keycloak on Docker 6
        Installing and running Keycloak with OpenJDK 7
    Discovering the Keycloak admin and account consoles 9
        Getting started with the Keycloak admin console 10
        Getting started with the Keycloak account console 14
    Summary 15
    Questions 15

2 Securing Your First Application
    Technical requirements 18
    Understanding the sample application 18
    Running the application 22
    Understanding how to log in to the application 23
    Securely invoking the backend REST API 27
    Summary 27
    Questions 28

Section 2: Securing Applications with Keycloak

3 Brief Introduction to Standards
    Authorizing application access with OAuth 2.0 32
    Authenticating users with OpenID Connect 36
    Leveraging JWT for tokens 39
    Understanding why SAML 2.0 is still relevant 41
    Summary 42
    Questions 42

4 Authenticating Users with OpenID Connect
    Technical requirements 44
    Running the OpenID Connect playground 44
    Understanding the Discovery endpoint 46
    Authenticating a user 48
    Understanding the ID token 52
    Updating the user profile 56
        Adding a custom property 56
        Adding roles to the ID token 58
    Invoking the UserInfo endpoint 59
    Dealing with users logging out 61
        Initiating the logout 61
        Leveraging ID and access token expiration 61
        Leveraging OIDC Session Management 62
        Leveraging OIDC Back-Channel Logout 62
        A note on OIDC Front-Channel Logout 63
        How should you deal with logout? 63
    Summary 64
    Questions 64
    Further reading 64

5 Authorizing Access with OAuth 2.0
    Technical requirements 66
    Running the OAuth 2.0 playground 66
    Obtaining an access token 68
    Requiring user consent 71
    Limiting the access granted to access tokens 74
        Using the audience to limit token access 75
        Using roles to limit token access 76
        Using the scope to limit token access 80
    Validating access tokens 83
    Summary 85
    Questions 86
    Further reading 86

6 Securing Different Application Types
    Technical requirements 88
    Understanding internal and external applications 88
    Securing web applications 90
        Securing server-side web applications 93
        Securing a SPA with a dedicated REST API 94
        Securing a SPA with an intermediary REST API 96
        Securing a SPA with an external REST API 97
    Securing native and mobile applications 99
    Securing REST APIs and services 103
    Summary 106
    Questions 106
    Further reading 106

7 Integrating Applications with Keycloak
    Technical requirements 108
    Choosing an integration architecture 110
    Choosing an integration option 112
    Integrating with Golang applications 113
        Configuring a Golang client 113
    Integrating with Java applications 117
        Using Quarkus 118
        Using Spring Boot 122
        Using Keycloak adapters 127
    Integrating with JavaScript applications 129
    Integrating with Node.js applications 132
        Creating a Node.js resource server 134
    Integrating with Python applications 137
        Creating a Python client 138
        Creating a Python resource server 140
    Using a reverse proxy 143
    Try not to implement your own integration 144
    Summary 145
    Questions 145
    Further reading 146
