Red Hat SSO

Install Red Hat 3scale and configure tenants with 7 simple commands

Install Red Hat 3scale and configure tenants with 7 simple commands

A couple weeks ago I was faced with the challenge of installing Red Hat 3scale and configuring its tenants using solely the command line — no GUI allowed. This is a rather interesting use case, so I decided to write this article and show how to do it with just seven commands!

(By the way, I also decided to include Red Hat Single Sign-On (SSO) in the mix because I want my APIs to use OpenID Connect (OIDC) for authentication. But I’ll leave those commands to a future article.)

Continue reading “Install Red Hat 3scale and configure tenants with 7 simple commands”

Share
Using Keycloak instead of Picketlink for SAML-based authentication

Using Keycloak instead of Picketlink for SAML-based authentication

The Picketlink project is now a deprecated module in Red Hat JBoss Enterprise Application Platform (EAP), so there’s a chance that Picketlink will no longer ship with the next release of EAP/Wildfly and that there will not be any fixes in the near future for the picketlink module.

Picketlink, however, is now merged with Keycloak, an open source identity and access management solution developed by Red Hat’s JBoss Community. In this article, we’ll present an alternative solution to the picketlink module. Some organizations use picketlink as the service provider to enable SAML-based authentication with a third-party identity provider (i.e., Active Directory Federated Services (AD FS), OKTA, PingFederate, etc.). In this, article, we’ll see how the keycloak-saml adapter can be configured in the place of Picketlink to enable SAML-based authentication with a third-party identity provider.

Continue reading “Using Keycloak instead of Picketlink for SAML-based authentication”

Share
Full API lifecycle management: A primer

Full API lifecycle management: A primer

APIs are the cornerstone of so many recent breakthroughs: from mobile applications, to the Internet of Things, to cloud computing. All those technologies expose, consume, and are built on APIs. And those APIs are a key driver for generating new revenue. Salesforce generates 50% of its revenue through APIs, Expedia generates 90% of its, and eBay generates 60% of its. With APIs becoming so central, it becomes essential to deal with full API lifecycle management. The success of your digital transformation project depends on it!

This article describes a set of full API lifecycle management activities that can guide you from an idea to the realization, from the inception of an API program up to management at scale throughout your whole company.

Continue reading “Full API lifecycle management: A primer”

Share
Transitioning Red Hat SSO to a highly-available hybrid cloud deployment

Transitioning Red Hat SSO to a highly-available hybrid cloud deployment

About two years ago, Red Hat IT finished migrating our customer-facing authentication system to Red Hat Single Sign-On (Red Hat SSO). As a result, we were quite pleased with the performance and flexibility of the new platform. Due to some architectural decisions that were made in order to optimize for uptime using the technologies at our disposal, we were unable to take full advantage of Red Hat SSO’s robust feature set until now. This article describes how we’re now addressing database and session replication between global sites.

Continue reading “Transitioning Red Hat SSO to a highly-available hybrid cloud deployment”

Share
Announcing Kubernetes-native self-service messaging with Red Hat AMQ Online

Announcing Kubernetes-native self-service messaging with Red Hat AMQ Online

Microservices architecture is taking over software development discussions everywhere. More and more companies are adapting to develop microservices as the core of their new systems. However, when going beyond the “microservices 101” googled tutorial, required services communications become more and more complex. Scalable, distributed systems, container-native microservices, and serverless functions benefit from decoupled communications to access other dependent services. Asynchronous (non-blocking) direct or brokered interaction is usually referred to as messaging.

Continue reading “Announcing Kubernetes-native self-service messaging with Red Hat AMQ Online”

Share
Red Hat Single Sign-On: Give it a try for no cost!

Red Hat Single Sign-On: Give it a try for no cost!

In a software world where each day is more hostile than the previous one, security matters and developers are coping with more and more non-functional requirements about security. The most common ones are the “OWASP Top 10”: the ten security risks that every developer should know. There are many more security risks you should care about, but those ten risks are the ones having the most impact on the security of your software. Among them are authentication and access control.

The good news is that authentication and access control are now commodities in the open source world, thanks to Red Hat Single Sign-On Red Hat Single Sign-On is an access management tool that takes care of the details of most authentication protocols such as SAML, OAuth, and OpenID Connect; user consent with UMA; and even access control. It is easy to use, is very well-documented, and has a very active community: Keycloak.

This article describes how to download and install Red Hat Single Sign-On for no cost.

Continue reading “Red Hat Single Sign-On: Give it a try for no cost!”

Share
Using a public certificate with Red Hat Single Sign-On/Keycloak

Using a public certificate with Red Hat Single Sign-On/Keycloak

When deploying Red Hat Single Sign-On/Keycloak for a test or a proof of concept, most users will choose to use a self-signed certificate as explained in the official documentation.

The setup instructions are straightforward, but this self-signed certificate will trigger certificate error messages in your web browser and can also prevent some clients such as Postman from working properly.

This article explains how to use a public certificate from Let’s Encrypt with Red Hat Single Sign-On.

Continue reading “Using a public certificate with Red Hat Single Sign-On/Keycloak”

Share
Integrating third-party identity providers with Red Hat 3scale API Management

Integrating third-party identity providers with Red Hat 3scale API Management

This post describes how to configure OpenID Connect (OIDC) authentication using an external Identity Provider (IdP). With the new release of Red Hat 3scale API Management, version 2.3, it is possible to use any OIDC-compliant IdP during the API authentication phase. This is a very important new feature because it makes it possible to integrate any IdP already present in your environment—without having to use an Identity Broker—thus reducing overall complexity.

Continue reading “Integrating third-party identity providers with Red Hat 3scale API Management”

Share
Configuring NGINX for OAuth/OpenID Connect SSO with Keycloak/Red Hat SSO

Configuring NGINX for OAuth/OpenID Connect SSO with Keycloak/Red Hat SSO

In this article I cover configuring NGINX for OAuth-based Single Sign-On (SSO) using Keycloak/Red Hat SSO. This allows the use of OpenID Connect (OIDC) for federated identity. This configuration is helpful when NGINX is acting as a reverse-proxy server for a backend application server, for example, Tomcat or JBoss, where the authentication is to be performed by the web server.

In this setup, Keycloak will act as an authorization server in OAuth-based SSO and NGINX will be the relaying party.  We will be using lua-resty-openidc, which is a library for NGINX implementing the OpenID Connect relying party (RP) and/or the OAuth 2.0 resource server (RS) functionality.

Continue reading “Configuring NGINX for OAuth/OpenID Connect SSO with Keycloak/Red Hat SSO”

Share
Single Sign-On Made Easy with Keycloak / Red Hat SSO

Single Sign-On Made Easy with Keycloak / Red Hat SSO

If you’re looking for a single sign-on solution (SSO) that enables you to secure new or legacy applications and easily use federated identity providers (IdP) such as social networks, you should definitely take a look at Keycloak. Keycloak is the upstream open source community project for Red Hat Single Sign-On (RH-SSO). RH-SSO is a core service that is part of a number of  products such as Red Hat JBoss Enterprise Application Platform. If you’ve logged into to developers.redhat.com or openshift.com you are using Keycloak.

On the Red Hat Developer blog there have been a number of recent articles that cover various aspects Keycloak/RH-SSO integration.  A recent DevNation Live Tech Talk covered Securing Spring Boot Microservices with Keycloak. This article discusses the features of Keycloak/RH-SSO that you should be aware of.

Continue reading “Single Sign-On Made Easy with Keycloak / Red Hat SSO”

Share