Keycloak
One password to rule them all
Stian Thorgersen / stian@redhat.com
Why?
- Browsers, mobiles and clouds
- Many accounts
- Admin headache
Features
- SSO
- Admin console
- Login forms
- Account management
- Multi-factor auth
- Social login
- ...
Why implement all that yourself?
Application
- Redirect URIs
- Web Origins (CORS)
- Application Roles
- Scope
Clients
- Redirect URIs
- Web Origins (CORS)
- Scope
Users
- Profile
- Credentials
- Roles
App Login
REST and redirects!
OAuth2
Token contains details about the user and permissions
JSON Web Token (JWT) & JSON Web Signature (JWS)
Token is signed, so it can be verified without contacting Keycloak
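Added example (not from the original slides, and not Keycloak's own code): verifying a signed token offline with only the realm's public key, using Node's built-in crypto. The key pair, the claim names and the helper names signToken, verifyToken and verdict are constructed for illustration, and RS256 is assumed as the signing algorithm.

```javascript
const crypto = require('node:crypto');

// Constructed stand-in for the realm's signing key pair. A real application
// holds only the public key, obtained out of band.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

const b64u = (v) => Buffer.from(v).toString('base64url');

// Plays the server side: builds a compact JWS (header.payload.signature).
function signToken(claims, key = privateKey) {
  const input = b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' })) + '.' + b64u(JSON.stringify(claims));
  return input + '.' + crypto.sign('sha256', Buffer.from(input), key).toString('base64url');
}

// Application side: offline verification, no request to the server.
function verifyToken(token, key, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  // Pin the algorithm: the token must not choose it (rejects "none" and HMAC swaps).
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  // The signature covers the exact bytes of "header.payload" as received.
  const ok = crypto.verify('sha256', Buffer.from(h + '.' + p), key, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  // A valid signature only proves origin; expiry has to be checked as well.
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('token expired');
  return claims;
}

// Returns 'accepted' or the reason the token was rejected.
function verdict(token, key, nowSec) {
  try { verifyToken(token, key, nowSec); return 'accepted'; }
  catch (e) { return e.message; }
}

// Constructed sample token: user "alice" with one role, valid for five minutes.
const demoNow = Math.floor(Date.now() / 1000);
const demoToken = signToken({ sub: 'alice', roles: ['user'], exp: demoNow + 300 });
console.log(verdict(demoToken, publicKey, demoNow));
console.log(verdict(demoToken, publicKey, demoNow + 301));
```

Because the check needs only the public key, a changed role claim, an unsigned "none" token, or a token signed by any other key is rejected without a round trip to the server.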
Client Grants
Can request access to a resource on behalf of a user
App exchanges code for token and passes token with requests...
Admin Console
Centralized management console for realms, applications and users
Login Forms
- Login
- Registration
- Login workflows
- Recover password
- Reset password
- Update profile
- ...
Account Management
- Profile
- Password
- Multi-factor auth
Social
Users can log in with their Google, Facebook or Twitter accounts
What's Next?
- Audit
- Theme support for login forms and account management
- View available apps in account management
- Manage client grants in account management
- Adapters for HTML5, Android, iOS, Native
- Federation (Active Directory, LDAP, Relational database, ...)
- More social providers (GitHub, LinkedIn, ...)
- More multifactor authentication (YubiKey, Email, SMS)
- NoSQL store
- OpenID Connect
- Broker authentication (single password on many servers/realms)
- SAML?
- ...
Alpha just released!
#keycloak on Freenode
That's all folks!
Any questions?