If you’re looking for a single sign-on (SSO) solution that enables you to secure new or legacy applications and easily use federated identity providers (IdP) such as social networks, you should definitely take a look at Keycloak. Keycloak is the upstream open source community project for Red Hat Single Sign-On (RH-SSO). RH-SSO is a core service that is part of a number of products such as Red Hat JBoss Enterprise Application Platform. If you’ve logged in to developers.redhat.com or openshift.com, you are using Keycloak.
On the Red Hat Developer blog there have been a number of recent articles that cover various aspects of Keycloak/RH-SSO integration. A recent DevNation Live Tech Talk covered Securing Spring Boot Microservices with Keycloak. This article discusses the features of Keycloak/RH-SSO that you should be aware of.
Continue reading “Single Sign-On Made Easy with Keycloak / Red Hat SSO”
This guide is designed to help you integrate your Red Hat Single Sign-On server with the OpenAPI (OAI)-based ActiveDocs in your 3scale developer portal. Although it has only been implemented with this particular Identity & Access Management solution (IAM), you could in theory make some customizations where necessary to integrate with another OpenID Connect-based solution.
Continue reading “3scale ActiveDocs and OAuth 2.0”
The next online DevNation Live Tech Talk will be Thursday, March 1st at 12pm EST. The topic is Secure Spring Boot Microservices with Keycloak presented by Sébastien Blanc.
Although security and identity management are critical aspects for any application, implementation can be difficult. As a result, these things are often neglected, poorly implemented, and intrusive in the code. Recently, identity management servers such as auth0.com have appeared that allow you to outsource and delegate all aspects of authentication and authorization. Of these servers, one of the most promising is Keycloak, because it is open source, flexible, and technology agnostic. Keycloak is easily deployable on a variety of infrastructure and is very adaptable for many types of deployments.
Register now, and join the live presentation at 12 pm EST on Thursday, March 1st.
** UPDATE: Missed the live session? Watch the video online. **
Continue reading “Next DevNation Live: Secure Spring Boot Microservices with Keycloak, March 1st, 12pm EST”
The aim of this tutorial is to configure Red Hat Single Sign On (RH-SSO) to work as an Identity Provider (IdP) for Liferay DXP through SAML.
Liferay DXP supports Single Sign On (SSO) functionality such as NTLM, OpenID, and token-based SSO, as well as integration with IdPs like Google and Facebook. But when it comes to enterprise environments, the requirements may be stricter, especially regarding integration with external IdPs.
Continue reading “Integrate RH-SSO 7.x with Liferay DXP using SAML”
Let's suppose that you have a remote Enterprise JavaBeans (EJB) application where the EJB client is a service provider (SP) application in a Security Assertion Markup Language (SAML) architecture. You would like your remote EJB to be authenticated using the same assertion that was used for the SP.
Before proceeding with this tutorial, you should have a basic understanding of EJB and Picketlink.
Continue reading “Enabling SAML-based SSO with Remote EJB through Picketlink”
This article discusses how to set up and configure a Keycloak instance to use OpenShift for authentication via Identity Brokering. This allows for Single Sign On between the OpenShift cluster and the Keycloak instance. The Keycloak instance will be running on the OpenShift cluster and leverage a ServiceAccount OAuth Client.
Continue reading “Keycloak Identity Brokering with OpenShift”
This step-by-step guide is a follow-up to the Red Hat 3scale API Management new 2.1 version announcement. As many of you will know, this new version simplifies the integration between APIcast gateway and Red Hat Single Sign-On through OpenID Connect (OIDC) for API authentication. As a result, now you can select OpenID Connect as your authentication mechanism besides API Key, App Key pair, and OAuth. Also, the on-premise version adds a new component that synchronizes the client creation on the Red Hat Single Sign-On domain.
Continue reading “HOW-TO setup 3scale OpenID Connect (OIDC) Integration with RH SSO”
It was more than 2 years ago that I blogged about building a Managed File Transfer (MFT) solution using Fuse and AMQ. First, many things have progressed, particularly the technology landscape. Second, MFT protocols have evolved. AS4 provides a new and improved way of securely exchanging documents over HTTP. In addition, the OASIS consortium governs a vendor-neutral open standard. This is great news, but how do we achieve support for these new standards and transports with our antiquated, legacy, and proprietary MFT software?
Continue reading “Managed File Transfer (MFT) 2.0 with Fuse, 3scale and AMQ”
Need to lock down your Docker registry? Keycloak has you covered.
As of version 3.2.0, Keycloak has the ability to act as an “authorization service” for Docker authentication. This means that the Keycloak IDP server can perform identity validation and token issuance when a Docker registry requires authentication. Administrators may now leverage the same user base, audit controls, and configuration mechanisms in Keycloak to extend their SSO ecosystem past OpenID Connect and SAML to cover Docker registries. The chart below illustrates how this flow works:
Continue reading “Docker Authentication with Keycloak”
Red Hat 3scale API Management Platform simplifies the integration between APIcast gateway and Red Hat Single Sign-On through OpenID Connect (OIDC) for API authentication. Consequently, the new version enables API provider users to select and configure their API authentication process from the Admin Portal UI.
Continue reading “3scale API Management Simplifies OpenID Connect Integration”