Voxxed Days Luxembourg 2019
Room: Linux
Type: Conference
Title: How to secure your Microservices with Keycloak
Speaker: Thomas Darimont (codecentric AG)
Hats off to you, Thomas; truly great insight on Keycloak and its capabilities. I was badly looking for AD/ADFS integration and was not getting the right pointers. Thank you very much; you are a great professional!!!
Hello, thanks a lot for the great presentation. Just to add, if you want the ability to revoke Access Tokens before they expire, you can use the introspection endpoint instead of checking the signature.
For anyone curious as to why they cannot find Keycloak Gatekeeper anymore, it was moved out of the Keycloak governance group earlier in 2020. Details can be found here: groups.google.com/forum/#!topic/keycloak-dev/oDyw94BWxM0
Thanks for the useful video. I am facing issues configuring public IP addresses on Keycloak. Would you mind telling me if any specific configuration needs to be noted?
Thanks, great demo. I have a question: I have my react-front and back-spring-api secured with Keycloak. Why, when I log out from the react-app or close all sessions in the Keycloak admin console before the token expires, can I still call the REST API backend using the previous token generated at login (Postman)? *backend-spring-api config* _"client-id": "my-public-client",_ _"bearer-only": true,_ _"auth-server-url": "localhost:8180/auth",_ _"realm": "my-realm"_
Hi! I see it's been a while, but for those with the same question: when a user logs out in the browser, the JWT it uses isn't really invalidated, it's just removed from the browser's memory. When we are talking about a client like Postman, this means nothing, and the JWT will remain valid until its expiration. To circumvent this, you could shorten the expiration or implement in the backend a verification of valid/invalid sessions.
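The behaviour described in the reply above, and the introspection alternative mentioned in an earlier comment, as an added example that is not part of the original comments: a token that passes signature and expiry checks stays usable after logout, while an introspection-style check tied to the session rejects it. HS256 with a constructed key stands in for Keycloak's asymmetric signing, and the in-memory session set, the `sid` claim name and all function names are assumptions for this demo.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"   # constructed stand-in for the realm signing key
ACTIVE_SESSIONS = {"sess-1"}       # constructed stand-in for the server's session store

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(header: str, body: str) -> bytes:
    return hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()

def issue_token(sub, sid, ttl=300, now=None):
    """Issue a signed token bound to session `sid` (assumed claim name)."""
    now = int(time.time()) if now is None else now
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps({"sub": sub, "sid": sid, "exp": now + ttl}).encode())
    return f"{header}.{body}.{b64e(sign(header, body))}"

def verify_locally(token, now=None):
    """Signature and expiry only: all a backend can check without asking the server."""
    now = int(time.time()) if now is None else now
    try:
        header, body, sig = token.split(".")
        if not hmac.compare_digest(sign(header, body), b64d(sig)):
            return None
        claims = json.loads(b64d(body))
    except ValueError:             # wrong segment count, bad base64 or bad JSON
        return None
    return claims if claims.get("exp", 0) > now else None

def introspect(token, now=None):
    """Simulated introspection: the token's session must also still exist."""
    claims = verify_locally(token, now)
    if claims is None or claims.get("sid") not in ACTIVE_SESSIONS:
        return {"active": False}
    return {"active": True, **claims}

def logout(sid):
    """Server-side logout: drops the session, cannot recall tokens already issued."""
    ACTIVE_SESSIONS.discard(sid)

if __name__ == "__main__":
    token = issue_token("alice", "sess-1")
    logout("sess-1")
    print("local check accepts:", verify_locally(token) is not None)
    print("introspection says active:", introspect(token)["active"])
```

The trade-off is one round trip to the authorization server per check, which is why shortening the token lifetime is the other option named in the reply.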
Let's say it's an Order API and I want to see only my Order and I should not have access to modify my Order. However, a Sales Agent can. Is it possible using Keycloak?
Great! Really impressive! Now rewrite it in Golang! Basically every application I am dealing with needs this functionality. The problem is JBoss, or any other "container"; it is horrible, I don't wanna have it around ever. At least rewrite it to run without JBoss and it will be OK for me.