Table of Contents

Preface

Section 1: Getting Started with Keycloak

Chapter 1: Getting Started with Keycloak

Technical requirements

Introducing Keycloak

Installing and running Keycloak

Running Keycloak on Docker

Installing and running Keycloak with OpenJDK

Discovering the Keycloak admin and account consoles

Getting started with the Keycloak admin console

Getting started with the Keycloak account console

Summary

Questions

Chapter 2: Securing Your First Application

Technical requirements

Understanding the sample application

Running the application

Understanding how to log in to the application

Securely invoking the backend REST API

Summary

Questions

Section 2: Securing Applications with Keycloak

Chapter 3: Brief Introduction to Standards

Authorizing application access with OAuth 2.0

Authenticating users with OpenID Connect

Leveraging JWT for tokens

Understanding why SAML 2.0 is still relevant

Summary

Questions

Chapter 4: Authenticating Users with OpenID Connect

Technical requirements

Running the OpenID Connect playground

Understanding the Discovery endpoint

Authenticating a user

Understanding the ID token

Updating the user profile

Adding a custom property

Adding roles to the ID token

Invoking the UserInfo endpoint

Dealing with users logging out

Initiating the logout

Leveraging ID and access token expiration

Leveraging OIDC Session Management

Leveraging OIDC Back-Channel Logout

A note on OIDC Front-Channel Logout

How should you deal with logout?

Summary

Questions

Further reading

Chapter 5: Authorizing Access with OAuth 2.0

Technical requirements

Running the OAuth 2.0 playground

Obtaining an access token

Requiring user consent

Limiting the access granted to access tokens

Using the audience to limit token access

Using roles to limit token access

Using the scope to limit token access

Validating access tokens

Summary

Questions

Further reading

Chapter 6: Securing Different Application Types

Technical requirements

Understanding internal and external applications

Securing web applications

Securing server-side web applications

Securing a SPA with a dedicated REST API

Securing a SPA with an intermediary REST API

Securing a SPA with an external REST API

Securing native and mobile applications

Securing REST APIs and services

Summary

Questions

Further reading

Chapter 7: Integrating Applications with Keycloak

Technical requirements

Choosing an integration architecture

Choosing an integration option

Integrating with Golang applications

Configuring a Golang client

Integrating with Java applications

Using Quarkus

Using Spring Boot

Using Keycloak adapters

Integrating with JavaScript applications

Integrating with Node.js applications

Creating a Node.js resource server

Integrating with Python applications

Creating a Python client

Creating a Python resource server

Using a reverse proxy

Try not to implement your own integration

Summary

Questions

Further reading

Chapter 8: Authorization Strategies

Understanding authorization

Using RBAC

Using GBAC

Mapping group membership into tokens

Using OAuth2 scopes

Using ABAC

Using Keycloak as a centralized authorization server

Summary

Questions

Further reading

Section 3: Configuring and Managing Keycloak

Chapter 9: Configuring Keycloak for Production

Technical requirements

Setting the hostname for Keycloak

Setting the frontend URL

Setting the backend URL

Setting the admin URL

Enabling TLS

Configuring a database

Enabling clustering

Configuring a reverse proxy

Distributing the load across nodes

Forwarding client information

Keeping session affinity

Testing your environment

Testing load balancing and failover

Testing the frontend and backchannel URLs

Summary

Questions

Further reading

Chapter 10: Managing Users

Technical requirements

Managing local users

Creating a local user

Managing user credentials

Obtaining and validating user information

Enabling self-registration

Managing user attributes

Integrating with LDAP and Active Directory

Understanding LDAP mappers

Synchronizing groups

Synchronizing roles

Integrating with third-party identity providers

Creating an OpenID Connect identity provider

Integrating with social identity providers

Allowing users to manage their data

Summary

Questions

Further reading

Chapter 11: Authenticating Users

Technical requirements

Understanding authentication flows

Configuring an authentication flow

Using passwords

Changing password policies

Resetting user passwords

Using OTPs

Changing OTP policies

Allowing users to choose whether they want to use OTP

Forcing users to authenticate using OTP

Using Web Authentication (WebAuthn)

Enabling WebAuthn for an authentication flow

Registering a security device and authenticating

Using strong authentication

Summary

Questions

Further reading

Chapter 12: Managing Tokens and Sessions

Technical requirements

Managing sessions

Managing session lifetimes

Managing active sessions

Expiring user sessions prematurely

Understanding cookies and their relation to sessions

Managing tokens

Managing ID tokens' and access tokens' lifetimes

Managing refresh tokens' lifetimes

Enabling refreshing token rotation

Revoking tokens

Summary

Questions

Further reading

Chapter 13: Extending Keycloak

Technical requirements

Understanding Service Provider Interfaces

Packaging a custom provider

Installing a custom provider

Understanding the KeycloakSessionFactory and KeycloakSession components

Understanding the life cycle of a provider

Configuring providers

Changing the look and feel

Understanding themes

Creating and deploying a new theme

Extending templates

Extending theme-related SPIs

Customizing authentication flows

Looking at other customization points

Summary

Questions

Further reading

Section 4: Security Considerations

Chapter 14: Securing Keycloak and Applications

Securing Keycloak

Encrypting communication to Keycloak

Configuring the Keycloak hostname

Rotating the signing keys used by Keycloak

Regularly updating Keycloak

Loading secrets into Keycloak from an external vault

Protecting Keycloak with a firewall and an intrusion prevention system

Securing the database

Protecting the database with a firewall

Enabling authentication and access control for the database

Encrypting the database

Securing cluster communication

Enabling cluster authentication

Encrypting cluster communication

Securing user accounts

Securing applications

Web application security

OAuth 2.0 and OpenID Connect best practice

Keycloak client configurations

Summary

Questions

Further reading

Assessments

Other Books You May Enjoy
