Security

Use mobile numbers for user authentication in Keycloak

Use mobile numbers for user authentication in Keycloak

I recently worked on a project that required using a mobile number for user authentication, instead of the traditional username and password. Almost everyone has a unique mobile number, so the requirement made sense. Our authentication tool is Keycloak, which does not ship with an option for mobile-based authentication. Instead, my team developed a custom authentication executor to meet the requirement.

In this article, I show you how to use Keycloak’s authentication service provider interface (SPI) to write a custom MobileAuthenticator class and then instantiate it with an AuthenticationFactory. I also show you how to package and compile the mobile authentication project using Maven and how to create a custom mobile authentication flow for Keycloak.

Continue reading “Use mobile numbers for user authentication in Keycloak”

Share
Securely connect Quarkus and Red Hat Data Grid on Red Hat OpenShift

Securely connect Quarkus and Red Hat Data Grid on Red Hat OpenShift

The release of Red Hat Data Grid 8.1 offers new features for securing applications deployed on Red Hat OpenShift. Naturally, I wanted to check them out for Quarkus. Using the Quarkus Data Grid extension made that easy to do.

Data Grid is an in-memory, distributed, NoSQL datastore solution based on Infinispan. Since it manages your data, Data Grid should be as secure as possible. For this reason, it uses a default property realm that requires HTTPS and automatically enforces user authentication on remote endpoints. As an additional layer of security on OpenShift, Data Grid presents certificates signed by the OpenShift Service Signer. In practice, this means that Data Grid is as secure as possible out of the box, requiring encrypted connections and authentication from the first request. Data Grid generates a default set of credentials (which, of course, you can override), but unauthenticated access is denied.

In this article, I show you how to configure a Quarkus application with Data Grid and deploy it on OpenShift.

Continue reading “Securely connect Quarkus and Red Hat Data Grid on Red Hat OpenShift”

Share
Install a signed certificate with Open Liberty 20.0.0.10’s Automatic Certificate Management Environment Support 2.0

Install a signed certificate with Open Liberty 20.0.0.10’s Automatic Certificate Management Environment Support 2.0

Red Hat Runtimes now supports the new Open Liberty 20.0.0.10 Java runtime. Open Liberty 20.0.0.10 features support for the Automatic Certificate Management Environment (ACME) protocol, which automates the process of obtaining a certificate signed by a certificate authority (CA). The Open Liberty 20.0.0.10 release also includes many bug fixes.

Continue reading Install a signed certificate with Open Liberty 20.0.0.10’s Automatic Certificate Management Environment Support 2.0

Share
Improved configuration and more in Red Hat CodeReady Workspaces 2.3

Improved configuration and more in Red Hat CodeReady Workspaces 2.3

Based on Eclipse Che, Red Hat CodeReady Workspaces (CRW) is a Red Hat OpenShift-native developer environment that supports cloud-native development. CodeReady Workspaces 2.3 is now available. For this release, we focused on improving CRW’s configuration options, updating to the latest versions of IDE plugins, and adding new devfiles.

CodeReady Workspaces 2.3 is available on:

Continue reading “Improved configuration and more in Red Hat CodeReady Workspaces 2.3”

Share
iptables: The two variants and their relationship with nftables

iptables: The two variants and their relationship with nftables

In Red Hat Enterprise Linux (RHEL) 8, the userspace utility program iptables has a close relationship to its successor, nftables. The association between the two utilities is subtle, which has led to confusion among Linux users and developers. In this article, I attempt to clarify the relationship between the two variants of iptables and its successor program, nftables.

Continue reading iptables: The two variants and their relationship with nftables

Share
OpenShift for Kubernetes developers: Getting started

OpenShift for Kubernetes developers: Getting started

If you are familiar with containers and Kubernetes, you have likely heard of the enterprise features that Red Hat OpenShift brings to this platform. In this article, I introduce developers familiar with Kubernetes to OpenShift’s command-line features and native extension API resources, including build configurations, deployment configurations, and image streams.

Continue reading OpenShift for Kubernetes developers: Getting started

Share
Secure authentication with Red Hat AMQ 7.7 and ApacheDS LDAP server

Secure authentication with Red Hat AMQ 7.7 and ApacheDS LDAP server

In this article, we will integrate Red Hat AMQ 7.7 with the ApacheDS LDAP server. However, any version of the AMQ 7.x series can be integrated with the steps mentioned in this article.

For this example integration, we’ll use Apache Directory Studio, which is an LDAP browser and directory client for ApacheDS. You will learn how to set up the ApacheDS LDAP server from scratch, and how to integrate the new LDAP configuration changes that are required in AMQ 7.7. Finally, we’ll test the integration with an AMQ 7.7 shell-based client, using Hawtio as a graphical user interface (GUI). This will be helpful to system administrators and developers as they can quickly create a proof of concept for LDAP and AMQ integration. This will help in enabling role-based access control(RBAC) for accessing AMQ 7.7.

Note: Our example is based on security-ldap, which shows how to configure and use a secure Java Message Service (JMS) application layer with ActiveMQ Artemis and the ApacheDS LDAP server. This example ships with all AMQ 7.x distributions. I have tested the integration in Fedora 32 and the OpenJDK version of Java 8 (1.8.0_252).

Continue reading “Secure authentication with Red Hat AMQ 7.7 and ApacheDS LDAP server”

Share