SlideShare a Scribd company logo

Draft: building secure applications with keycloak (oidc/jwt)

Download as PPTX, PDF
A
Abhishek Koserwal

The document discusses building secure applications using Keycloak for identity and access management, focusing on protocols like OAuth2 and OpenID Connect. It covers key concepts such as identification, authentication, authorization, and how to securely integrate frontend applications with Keycloak. Additionally, it provides a brief setup guide for deploying Keycloak using Docker.

Presentations & Public Speaking
1 of 8
Downloaded 48 times
1
2
3
4
5
6
7
8
Building secure applications with keycloak (OIDC/JWT) Abhishek Koserwal Red Hat
Agenda ● IAAA Security factor ● Oauth2/OpenID ● Why? Keycloak ● OIDC/SAML - Keycloak adapters (which & why?) ● Understanding Json Web Token (JWT) ● Integrating frontend(Angular/React) with keycloak adapter. - ● Access token/refresh token ● JWT Validation at backend & securing API endpoints ● Q & A
● Identification: set of attributes related to an entity (person -> attribute [name, email] ) ● Authentication: is the process of verifying an identity (who they say they are) ● Authorization: is the process of verifying what someone is allowed to do (permissions) ● Accounting: logs, user action, traceability of action IAAA Security Factor
Are we using Oauth2/OpenID? Delegation Auth Allow website to access my data without providing my password? ➔ Authentication/Identity Level ➔ Authorization/Access Control Level ➔ Site needs to manage security ➔ Store hash password, verify the hash against a database
● Oauth2 != Authentication, only Authorization ● Access Granting Protocol ● Delegated access OAuth2/OpenID? ● Identity, Authentication + Oauth2 = OpenID Connect ● Federation
Why? Keycloak ● Open source Identity and Access Management solution (https://github.com/keycloak/keycloak) ● Browsers, mobiles and clouds ● Many accounts ● Admin headache Features ● SSO ● Admin console ● Login forms ● Account management ● Multi-factor auth ● Social login ● ..
Setup: keycloak docker pull jboss/keycloak docker run -d -e KEYCLOAK_USER=<USERNAME> -e KEYCLOAK_PASSWORD=<PASSWORD> -p 8081:8080 jboss/keycloak Require docker daemon running Standalone server distribution (https://www.keycloak.org/downloads.htm)
Draft: building secure applications with keycloak (oidc/jwt)

More Related Content

PPTX
Building secure applications with keycloak
Abhishek Koserwal
 
PDF
Secure Spring Boot Microservices with Keycloak
Red Hat Developers
 
PPTX
Secure your app with keycloak
Guy Marom
 
PDF
OAuth 2.0
Uwe Friedrichsen
 
PDF
SAML VS OAuth 2.0 VS OpenID Connect
Ubisecure
 
PDF
Spring security oauth2
axykim00
 
PPTX
Identity management and single sign on - how much flexibility
Ryan Dawson
 
PDF
Spring Security
Knoldus Inc.
 
Building secure applications with keycloak
Abhishek Koserwal
 
Secure Spring Boot Microservices with Keycloak
Red Hat Developers
 
Secure your app with keycloak
Guy Marom
 
OAuth 2.0
Uwe Friedrichsen
 
SAML VS OAuth 2.0 VS OpenID Connect
Ubisecure
 
Spring security oauth2
axykim00
 
Identity management and single sign on - how much flexibility
Ryan Dawson
 
Spring Security
Knoldus Inc.
 

What's hot (20)

PPTX
Spring Security 5
Jesus Perez Franco
 
PPTX
Json Web Token - JWT
Prashant Walke
 
PDF
“How to Secure Your Applications With a Keycloak?
GlobalLogic Ukraine
 
PPT
OAuth 2.0 and OpenId Connect
Saran Doraiswamy
 
PDF
Spring boot
Bhagwat Kumar
 
PPTX
API
Masters Academy
 
PDF
Spring Framework - AOP
Dzmitry Naskou
 
PPTX
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
marcuschristie
 
PPTX
OAuth in the Wild
Victor Rentea
 
PDF
Keycloak Single Sign-On
Ravi Yasas
 
PPTX
Managing Egress with Istio
Solo.io
 
PPTX
OpenID Connect: An Overview
Pat Patterson
 
PDF
Demystifying SAML 2.0,Oauth 2.0, OpenID Connect
Vinay Manglani
 
PDF
OAuth2 and Spring Security
Orest Ivasiv
 
PPSX
Rest api standards and best practices
Ankita Mahajan
 
PDF
Keycloak SSO basics
Juan Vicente Herrera Ruiz de Alejo
 
PDF
英国オープンバンキング技術仕様の概要
Tatsuo Kudo
 
PDF
Introduction to OpenID Connect
Nat Sakimura
 
PPTX
User Management Life Cycle with Keycloak
Muhammad Edwin
 
PDF
OpenID Connect Explained
Vladimir Dzhuvinov
 
Spring Security 5
Jesus Perez Franco
 
Json Web Token - JWT
Prashant Walke
 
“How to Secure Your Applications With a Keycloak?
GlobalLogic Ukraine
 
OAuth 2.0 and OpenId Connect
Saran Doraiswamy
 
Spring boot
Bhagwat Kumar
 
API
Masters Academy
 
Spring Framework - AOP
Dzmitry Naskou
 
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
marcuschristie
 
OAuth in the Wild
Victor Rentea
 
Keycloak Single Sign-On
Ravi Yasas
 
Managing Egress with Istio
Solo.io
 
OpenID Connect: An Overview
Pat Patterson
 
Demystifying SAML 2.0,Oauth 2.0, OpenID Connect
Vinay Manglani
 
OAuth2 and Spring Security
Orest Ivasiv
 
Rest api standards and best practices
Ankita Mahajan
 
Keycloak SSO basics
Juan Vicente Herrera Ruiz de Alejo
 
英国オープンバンキング技術仕様の概要
Tatsuo Kudo
 
Introduction to OpenID Connect
Nat Sakimura
 
User Management Life Cycle with Keycloak
Muhammad Edwin
 
OpenID Connect Explained
Vladimir Dzhuvinov
 
Ad

Similar to Draft: building secure applications with keycloak (oidc/jwt) (20)

PDF
Java EE Application Security With PicketLink
pigorcraveiro
 
PDF
Using Postman to Test OAuth/OIDC
Postman
 
PDF
Serverless Meetup - Authentication for Serverless Applications [Jul 2020]
Dhaval Nagar
 
PDF
Auth experience - vol 1.0
Haggai Philip Zagury
 
PDF
JavaOne 2014 - Securing RESTful Resources with OAuth2
Rodrigo Cândido da Silva
 
PDF
Authentication in microservice systems - fsto 2017
Dejan Glozic
 
PPTX
Building IAM for OpenStack
Steve Martinelli
 
PDF
2016 pycontw web api authentication
Micron Technology
 
PDF
RoadSec 2017 - Trilha AppSec - APIs Authorization
Erick Belluci Tedeschi
 
PDF
Open Source Identity and Access management with Keycloak.pdf
Anshul Patel
 
PPTX
Configuring Single Sign-On (SSO) via Identity Management | MuleSoft Mysore Me...
MysoreMuleSoftMeetup
 
PDF
Securing FIWARE Architectures
FIWARE
 
PDF
Getting Started with FIDO2
FIDO Alliance
 
PPTX
Intro to Apache Shiro
Claire Hunsaker
 
PDF
GDG Cloud Taipei: Meetup #52 - Istio Security: API Authorization
KAI CHU CHUNG
 
PPT
Extending Oracle SSO
kurtvm
 
PPTX
CBSecurity 3 - Secure Your ColdBox Applications
Ortus Solutions, Corp
 
PDF
Building an Effective Architecture for Identity and Access Management.pdf
Jorge Alvarez
 
PPTX
How to Use Stormpath in angular js
Stormpath
 
PDF
Super simple application security with Apache Shiro
Marakana Inc.
 
Java EE Application Security With PicketLink
pigorcraveiro
 
Using Postman to Test OAuth/OIDC
Postman
 
Serverless Meetup - Authentication for Serverless Applications [Jul 2020]
Dhaval Nagar
 
Auth experience - vol 1.0
Haggai Philip Zagury
 
JavaOne 2014 - Securing RESTful Resources with OAuth2
Rodrigo Cândido da Silva
 
Authentication in microservice systems - fsto 2017
Dejan Glozic
 
Building IAM for OpenStack
Steve Martinelli
 
2016 pycontw web api authentication
Micron Technology
 
RoadSec 2017 - Trilha AppSec - APIs Authorization
Erick Belluci Tedeschi
 
Open Source Identity and Access management with Keycloak.pdf
Anshul Patel
 
Configuring Single Sign-On (SSO) via Identity Management | MuleSoft Mysore Me...
MysoreMuleSoftMeetup
 
Securing FIWARE Architectures
FIWARE
 
Getting Started with FIDO2
FIDO Alliance
 
Intro to Apache Shiro
Claire Hunsaker
 
GDG Cloud Taipei: Meetup #52 - Istio Security: API Authorization
KAI CHU CHUNG
 
Extending Oracle SSO
kurtvm
 
CBSecurity 3 - Secure Your ColdBox Applications
Ortus Solutions, Corp
 
Building an Effective Architecture for Identity and Access Management.pdf
Jorge Alvarez
 
How to Use Stormpath in angular js
Stormpath
 
Super simple application security with Apache Shiro
Marakana Inc.
 
Ad

Recently uploaded (20)

PPTX
English-9-Q1-3-.pptxjkshbxnnxgchchxgxhxhx
jubacjessamae
 
PDF
oil_refinery_presentation_v1 sllfmfls.pdf
TusharPrajapati65
 
PDF
natwest.pdf company description and business model
palakbakshi13
 
PPTX
The Effect of Human Resource Management Practice on Organizational Performanc...
wemasterconstruction
 
PPTX
Primary and secondary sources, and history
valenciamarcchristia
 
PPTX
Emphasizing It's Not The End 08 06 2025.pptx
FamilyWorshipCenterD
 
PPTX
fundraisepro pitch deck elegant and modern
aishanmims
 
PPTX
Introduction-to-Food-Packaging-and-packaging -materials.pptx
pragyanlahkar16
 
PPTX
S. Anis Al Habsyi & Nada Shobah - Klasifikasi Hambatan Depresi.pptx
NadaShobah1
 
PPTX
Introduction to Effective Communication.pptx
AnithaT18
 
PPTX
Anesthesia and it's stage with mnemonic and images
panchalkhushal24
 
PDF
Tunisia's Founding Father(s) Pitch-Deck 2022.pdf
Hafedh Hafez Mechergui
 
DOCX
"Project Management: Ultimate Guide to Tools, Techniques, and Strategies (2025)"
Myplanningtemplates
 
PDF
Parts of Speech Prepositions Presentation in Colorful Cute Style_20250724_230...
ShomailahRashid
 
PPT
First Aid Training Presentation Slides.ppt
WilliamMigoya
 
PPTX
An Unlikely Response 08 10 2025.pptx
FamilyWorshipCenterD
 
PPTX
Tablets And Capsule Preformulation Of Paracetamol
sgsayan31
 
PPTX
Relationship Management Presentation In Banking.pptx
ssuser1d0512
 
PPTX
Presentation for DGJV QMS (PQP)_12.03.2025.pptx
M. Alper SAHIN
 
PDF
Presentation1 [Autosaved].pdf diagnosiss
moibrahim20044
 
English-9-Q1-3-.pptxjkshbxnnxgchchxgxhxhx
jubacjessamae
 
oil_refinery_presentation_v1 sllfmfls.pdf
TusharPrajapati65
 
natwest.pdf company description and business model
palakbakshi13
 
The Effect of Human Resource Management Practice on Organizational Performanc...
wemasterconstruction
 
Primary and secondary sources, and history
valenciamarcchristia
 
Emphasizing It's Not The End 08 06 2025.pptx
FamilyWorshipCenterD
 
fundraisepro pitch deck elegant and modern
aishanmims
 
Introduction-to-Food-Packaging-and-packaging -materials.pptx
pragyanlahkar16
 
S. Anis Al Habsyi & Nada Shobah - Klasifikasi Hambatan Depresi.pptx
NadaShobah1
 
Introduction to Effective Communication.pptx
AnithaT18
 
Anesthesia and it's stage with mnemonic and images
panchalkhushal24
 
Tunisia's Founding Father(s) Pitch-Deck 2022.pdf
Hafedh Hafez Mechergui
 
"Project Management: Ultimate Guide to Tools, Techniques, and Strategies (2025)"
Myplanningtemplates
 
Parts of Speech Prepositions Presentation in Colorful Cute Style_20250724_230...
ShomailahRashid
 
First Aid Training Presentation Slides.ppt
WilliamMigoya
 
An Unlikely Response 08 10 2025.pptx
FamilyWorshipCenterD
 
Tablets And Capsule Preformulation Of Paracetamol
sgsayan31
 
Relationship Management Presentation In Banking.pptx
ssuser1d0512
 
Presentation for DGJV QMS (PQP)_12.03.2025.pptx
M. Alper SAHIN
 
Presentation1 [Autosaved].pdf diagnosiss
moibrahim20044
 

Draft: building secure applications with keycloak (oidc/jwt)

  • 1. Building secure applications with keycloak (OIDC/JWT) Abhishek Koserwal Red Hat
  • 2. Agenda ● IAAA Security factor ● Oauth2/OpenID ● Why? Keycloak ● OIDC/SAML - Keycloak adapters (which & why?) ● Understanding Json Web Token (JWT) ● Integrating frontend(Angular/React) with keycloak adapter. - ● Access token/refresh token ● JWT Validation at backend & securing API endpoints ● Q & A
  • 3. ● Identification: set of attributes related to an entity (person -> attribute [name, email] ) ● Authentication: is the process of verifying an identity (who they say they are) ● Authorization: is the process of verifying what someone is allowed to do (permissions) ● Accounting: logs, user action, traceability of action IAAA Security Factor
  • 4. Are we using Oauth2/OpenID? Delegation Auth Allow website to access my data without providing my password? ➔ Authentication/Identity Level ➔ Authorization/Access Control Level ➔ Site needs to manage security ➔ Store hash password, verify the hash against a database
  • 5. ● Oauth2 != Authentication, only Authorization ● Access Granting Protocol ● Delegated access OAuth2/OpenID? ● Identity, Authentication + Oauth2 = OpenID Connect ● Federation
  • 6. Why? Keycloak ● Open source Identity and Access Management solution (https://github.com/keycloak/keycloak) ● Browsers, mobiles and clouds ● Many accounts ● Admin headache Features ● SSO ● Admin console ● Login forms ● Account management ● Multi-factor auth ● Social login ● ..
  • 7. Setup: keycloak docker pull jboss/keycloak docker run -d -e KEYCLOAK_USER=<USERNAME> -e KEYCLOAK_PASSWORD=<PASSWORD> -p 8081:8080 jboss/keycloak Require docker daemon running Standalone server distribution (https://www.keycloak.org/downloads.htm)

Editor's Notes

  • #6: https://tools.ietf.org/html/rfc6749 https://openid.net/connect/
  • #8: https://www.keycloak.org/downloads.html