Security

How to restrict user authentication in Keycloak during identity brokering

As per the design, Keycloak imports all users into its local database if the users are authenticated via any third-party identity provider (e.g., Google, Facebook, or Okta). But what if users authenticated through the third-party identity provider have to be restricted—or be allowed only limited access—to applications that are federated with Keycloak? Here’s how you do it.

Integrating Red Hat Single Sign-On version 7.4 with Red Hat Directory Server (LDAP)

This article describes the integration of Red Hat Single Sign-On (SSO) with Red Hat Directory Server 11 (LDAP). It also illustrates how it is possible to perform user synchronization and group synchronization between Red Hat Directory Server and Red Hat’s single sign-on tools.

Use Oracle’s Universal Connection Pool with Red Hat JBoss Enterprise Application Platform 7.3 and Oracle RAC

Data is a critical business application component, but ensuring consistent, reliable data access can be challenging. Adding distributed services and high availability to your application requirements makes data access even more complicated. You can now use Oracle’s Universal Connection Pool (UCP) together with Oracle Real Application Clusters (RAC) and Red Hat JBoss Enterprise Application Platform (JBoss EAP) 7.3. This article introduces connection pooling with Oracle Universal Connection Pool and demonstrates how to integrate UCP with an Oracle RAC database in a JBoss EAP 7.3 deployment.

Authentication and authorization using the Keycloak REST API

Enabling authentication and authorization involves complex functionality beyond a simple login API. In a previous article, I described the Keycloak REST login API endpoint, which only handles some authentication tasks. In this article, I describe how to enable other aspects of authentication and authorization by using Keycloak REST API functionality out of the box.

Using Multus and DataVolume in KubeVirt

KubeVirt is a cloud-native virtual machine management framework based on Kubernetes. KubeVirt orchestrates workloads running on virtual machines in the same way that Kubernetes does for containers. KubeVirt has many features for managing the network, storage, images, and the virtual machine itself. This article focuses on two mechanisms for configuring network and storage requirements: Multus-CNI and CDI DataVolumes. You will learn how to configure these KubeVirt features for use cases that require high performance, security, and scalability.

OpenID Connect integration with Red Hat 3scale API Management and Okta

This article introduces you to using Red Hat 3scale API Management for OpenID Connect (OIDC) integration and compliance. Our goal is to secure an API in 3scale API Management using JSON Web Token (JWT), OIDC, and the OAuth2 Authorization Framework. We will set up the integration using Okta as our third-party OpenID Connect identity provider. An important part of the demonstration is establishing the 3scale API Management gateway’s connection with Okta.

New custom metrics and air gapped installation in Red Hat 3scale API Management 2.9

We continue to update the Red Hat Integration product portfolio to provide a better operational and development experience for modern cloud- and container-native applications. The Red Hat Integration 2020-Q3 release includes Red Hat 3scale API Management 2.9, which provides new features and capabilities for 3scale. Among other features, we have updated the 3scale API Management and Gateway Operators.

This article introduces the Red Hat 3scale API Management 2.9 release highlights, including air-gapped installation for 3scale on Red Hat OpenShift and new APIcast policies for custom metrics and upstream mutual Transport Layer Security (TLS).

Smart cards support in libssh

In computer security, software implementations of cryptographic algorithms are vulnerable to side-channel attacks. This type of attack seeks to glean information from the computer system rather than from the program that it is running. As examples, Spectre and Meltdown are both side-channel attacks that target the microarchitecture of modern processors. Microarchitectural attacks are only a subset of all side-channel attacks. There are many others that leak sensitive secret information.

Use mobile numbers for user authentication in Keycloak

I recently worked on a project that required using a mobile number for user authentication, instead of the traditional username and password. Almost everyone has a unique mobile number, so the requirement made sense. Our authentication tool is Keycloak, which does not ship with an option for mobile-based authentication. Instead, my team developed a custom authentication executor to meet the requirement.

In this article, I show you how to use Keycloak’s authentication service provider interface (SPI) to write a custom MobileAuthenticator class and then instantiate it with an AuthenticationFactory. I also show you how to package and compile the mobile authentication project using Maven and how to create a custom mobile authentication flow for Keycloak.
