How to secure your Spring Apps with Keycloak by Thomas Darimont @ Spring I/O 2018

Подписаться 35 тыс.

Просмотров 34 тыс.

50% 1

Spring I/O 2018 - Barcelona, 24-25 May
Slides: github.com/tho...
GitHub repo: github.com/tho...
This talk will introduce Keycloak, an Open Source Identity and Access Management solution from Red Hat, which can help you to equip your applications with centralized authentication and authorization.
Keycloak provides Single Sign-On based on widely used protocols such as OpenID Connect 1.0, OAuth 2.0 and SAML2, that are easy to integrate with own applications. Keycloak comes with many batteries included, e.g. user management, user registration, 2-factor authentication, support for external identity providers such as Google, Facebook, Twitter, custom look-and-feel and integration with directory services like LDAP, Kerberos or Active Directory. Additionally, Keycloak offers a comprehensive extension model that makes it easy to adapt it to your own needs.
After a short overview of Keycloak features, we will introduce some core concepts with a guided tour through Keycloaks Admin UI. We then take an in-depth look at an OAuth / OpenID Connect based authentication flow. After those foundations are set we will demonstrate possibilities for integrating Keycloak in selected authentication scenarios. We conclude the talk with a brief demo of an centralized identity management infrastructure, built around Keycloak.

Опубликовано:

8 сен 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 29

@richardseldon5205 4 года назад

Excellent presentation and keycloak resources. Thanks.

@rbelatamas Год назад

thanks for this great presentation!

@retroradar_de 5 лет назад

very helpful presentation. we want to use keycloak at our office and need good structured informations like that!

@gokufujison 5 лет назад

Very good explanation of SSO!

@jayaram668 5 лет назад

Hello thomas really very helpful presentation ,thank you so much

@vanikesani3832 5 лет назад

awesome tutorial on keycloak

@vigneshkannam1655 3 года назад

Good explanation 🔥

@jietan8548 5 лет назад

good presentation.

@vanattran5456 3 года назад

Thanks sir, How to you can share images setup KeyCloak Client in this Project ??? Thanks you very much!

@mukut5ul 5 лет назад

Awesome..

@gabrielferrer3205 4 года назад

Is it possible to have a table join of Keycloak Users with Transaction tables in another database?

@tsimbaland2905 4 года назад

Could we manage access to REST resources in java app using keycloak client authorization only?

@jyotijaiswal125 4 года назад

Hello Thomas , Thanks a lot for this video. I followed the steps as per your video but I am getting "status": 401, "error": "Unauthorized", error on postman. IN eclipse, I can see it is not hitting the code. Would you please help me out. Best Regards.

@paulfrischknecht3999 5 лет назад

How is LDAP/user federation different from the other identity providers? Why is it not listed there?

@erickbellucitedeschi1445 5 лет назад

Hi, i will try to explain in few chars. Identity providers, is part of OpenID Connect/SAML specifications, so it works as specified in the protocols (redirect the authentication/authorization to another Identity Provider (like a social login also)). Federation in this case works as User credentials repository (and in some cases group mapping), so the keycloak import users/groups from there and make a local copy.

@nrajeshwar 4 года назад

how to secure connection with https

@paulfrischknecht3999 5 лет назад

Why is the keyid (kid) not just the public key itself? Seems like an extra roundtrip to figure that out...

@GuoqiangXuX 5 лет назад

to save some bytes

@snowy0110 5 лет назад

A public key doesn't change often, so it makes sense to cache it, instead of exchanging it all the time. For chatty applications where a payload is not that big compared to public key size, it would hurt network bandwidth since the same information would be transferred over and over again

@SuilujChannel 4 года назад

I think it has to do with revoking jwts. If the kid is not valid anymore the jwt is not accepted. And the kid will not be cached for long times I think

@kartiksubramanian182 4 года назад

Are realms equivalent to tenants?

@TheArpitkoberoi 3 года назад

As per my understanding, yes

@9453055518 5 лет назад

Hello, Can you tell me, how to do infinispan setup, in detail. Thanks in advance.

@koffiyannicknzi5455 6 лет назад

Hello Thomas i'm working on a project with keycloak starting by your "spring-boot-keycloak-server-example" project. I have a question about that. I would like to kwnow where is the keycloak themes directory so that if i want to customize a theme i can put my files there.