I recently worked on a project that required using a mobile number for user authentication, instead of the traditional username and password. Almost everyone has a unique mobile number, so the requirement made sense. Our authentication tool is Keycloak, which does not ship with an option for mobile-based authentication. Instead, my team developed a custom authentication executor to meet the requirement.
In this article, I show you how to use Keycloak’s authentication service provider interface (SPI) to write a custom
MobileAuthenticator class and then instantiate it with an
AuthenticationFactory. I also show you how to package and compile the mobile authentication project using Maven and how to create a custom mobile authentication flow for Keycloak.
Continue reading “Use mobile numbers for user authentication in Keycloak”
The release of Red Hat Data Grid 8.1 offers new features for securing applications deployed on Red Hat OpenShift. Naturally, I wanted to check them out for Quarkus. Using the Quarkus Data Grid extension made that easy to do.
Data Grid is an in-memory, distributed, NoSQL datastore solution based on Infinispan. Since it manages your data, Data Grid should be as secure as possible. For this reason, it uses a default property realm that requires HTTPS and automatically enforces user authentication on remote endpoints. As an additional layer of security on OpenShift, Data Grid presents certificates signed by the OpenShift Service Signer. In practice, this means that Data Grid is as secure as possible out of the box, requiring encrypted connections and authentication from the first request. Data Grid generates a default set of credentials (which, of course, you can override), but unauthenticated access is denied.
In this article, I show you how to configure a Quarkus application with Data Grid and deploy it on OpenShift.
Continue reading “Securely connect Quarkus and Red Hat Data Grid on Red Hat OpenShift”
Red Hat Runtimes now supports the new Open Liberty 220.127.116.11 Java runtime. Open Liberty 18.104.22.168 features support for the Automatic Certificate Management Environment (ACME) protocol, which automates the process of obtaining a certificate signed by a certificate authority (CA). The Open Liberty 22.214.171.124 release also includes many bug fixes.
Continue reading Install a signed certificate with Open Liberty 126.96.36.199’s Automatic Certificate Management Environment Support 2.0
Developers deploying Red Hat AMQ on Red Hat OpenShift often wonder how to connect external clients to AMQ Broker using the Transport Layer Security (TLS) protocol, which is an improved successor to the Secure Sockets Layer (SSL) protocol.
Continue reading Connecting external clients to Red Hat AMQ Broker on Red Hat OpenShift
Based on Eclipse Che, Red Hat CodeReady Workspaces (CRW) is a Red Hat OpenShift-native developer environment that supports cloud-native development. CodeReady Workspaces 2.3 is now available. For this release, we focused on improving CRW’s configuration options, updating to the latest versions of IDE plugins, and adding new devfiles.
CodeReady Workspaces 2.3 is available on:
Continue reading “Improved configuration and more in Red Hat CodeReady Workspaces 2.3”
In Red Hat Enterprise Linux (RHEL) 8, the userspace utility program
iptables has a close relationship to its successor,
nftables. The association between the two utilities is subtle, which has led to confusion among Linux users and developers. In this article, I attempt to clarify the relationship between the two variants of
iptables and its successor program,
Continue reading iptables: The two variants and their relationship with nftables
If you are familiar with containers and Kubernetes, you have likely heard of the enterprise features that Red Hat OpenShift brings to this platform. In this article, I introduce developers familiar with Kubernetes to OpenShift’s command-line features and native extension API resources, including build configurations, deployment configurations, and image streams.
Continue reading OpenShift for Kubernetes developers: Getting started
In this article, we will integrate Red Hat AMQ 7.7 with the ApacheDS LDAP server. However, any version of the AMQ 7.x series can be integrated with the steps mentioned in this article.
For this example integration, we’ll use Apache Directory Studio, which is an LDAP browser and directory client for ApacheDS. You will learn how to set up the ApacheDS LDAP server from scratch, and how to integrate the new LDAP configuration changes that are required in AMQ 7.7. Finally, we’ll test the integration with an AMQ 7.7 shell-based client, using Hawtio as a graphical user interface (GUI). This will be helpful to system administrators and developers as they can quickly create a proof of concept for LDAP and AMQ integration. This will help in enabling role-based access control(RBAC) for accessing AMQ 7.7.
Note: Our example is based on security-ldap, which shows how to configure and use a secure Java Message Service (JMS) application layer with ActiveMQ Artemis and the ApacheDS LDAP server. This example ships with all AMQ 7.x distributions. I have tested the integration in Fedora 32 and the OpenJDK version of Java 8 (1.8.0_252).
Continue reading “Secure authentication with Red Hat AMQ 7.7 and ApacheDS LDAP server”
DevNation Tech Talks are hosted by the Red Hat technologists who create our products. These sessions include real solutions plus code and sample projects to help you get started. In this talk, you’ll learn about Keycloak from Stian Thorgersen and Burr Sutter.
Continue reading A deep dive into Keycloak
Update August 25, 2020: The Louketo Proxy team has announced that it is sunsetting the Louketo project. Read the link for more information, and watch our site for a new article detailing how to authorize multi-language microservices using a different method.
Continue reading Authorizing multi-language microservices with Louketo Proxy