As per the design, Keycloak imports all users into its local database if the users are authenticated via any third-party identity provider (e.g., Google, Facebook, or Okta). But what if users authenticated through the third-party identity provider have to be restricted—or be allowed only limited access—to applications that are federated with Keycloak? Here’s how you do it.
Continue reading “How to restrict user authentication in Keycloak during identity brokering”
This article describes the integration of Red Hat Single Sign-On (SSO) with Red Hat Directory Server 11 (LDAP). It also illustrates how it is possible to perform user synchronization and group synchronization between Red Hat Directory Server and Red Hat’s single sign-on tools.
Continue reading Integrating Red Hat Single Sign-On version 7.4 with Red Hat Directory Server (LDAP)
Transforming monolithic Java applications into distributed, cloud-native microservices is never easy, but Red Hat’s migration toolkit for applications helps you understand and evaluate the migration path. As a developer, you can apply the following features to a broad range of transformation use cases:
Continue reading Analyze monolithic Java applications in multiple workspaces with Red Hat’s migration toolkit for applications
Enabling authentication and authorization involves complex functionality beyond a simple login API. In a previous article, I described the Keycloak REST login API endpoint, which only handles some authentication tasks. In this article, I describe how to enable other aspects of authentication and authorization by using Keycloak REST API functionality out of the box.
Continue reading “Authentication and authorization using the Keycloak REST API”
I recently worked on a project that required using a mobile number for user authentication, instead of the traditional username and password. Almost everyone has a unique mobile number, so the requirement made sense. Our authentication tool is Keycloak, which does not ship with an option for mobile-based authentication. Instead, my team developed a custom authentication executor to meet the requirement.
In this article, I show you how to use Keycloak’s authentication service provider interface (SPI) to write a custom
MobileAuthenticator class and then instantiate it with an
AuthenticationFactory. I also show you how to package and compile the mobile authentication project using Maven and how to create a custom mobile authentication flow for Keycloak.
Continue reading “Use mobile numbers for user authentication in Keycloak”
DevNation Tech Talks are hosted by the Red Hat technologists who create our products. These sessions include real solutions plus code and sample projects to help you get started. In this talk, you’ll learn about Keycloak from Stian Thorgersen and Burr Sutter.
Continue reading A deep dive into Keycloak
Update August 25, 2020: The Louketo Proxy team has announced that it is sunsetting the Louketo project. Read the link for more information, and watch our site for a new article detailing how to authorize multi-language microservices using a different method.
Continue reading Authorizing multi-language microservices with Louketo Proxy
At Red Hat, we do many in-person and virtual workshops for customers, partners, and other open source developers. In most cases, the workshops are of the “bring your own device” variety, so we face a range of hardware and software setups and corporate endpoint-protection schemes, as well as different levels of system knowledge.
Continue reading Automate workshop setup with Ansible playbooks and CodeReady Workspaces
Many front-end developers are discovering the benefits of contract-first development. With this approach, front- and back-end developers use OpenAPI to collaboratively design an API specification. Once the initial specification is done, front-end developers can use API definitions and sample data to develop discrete user interface (UI) components. Defining a single OpenAPI spec improves cross-team collaboration, and API definitions empower front-end developers to design our initial workflows without relying on the back end.
Continue reading Contract-first development: Create a mock back end for realistic data interactions with React
Red Hat single sign-on (SSO)—or its open source version, Keycloak—is one of the leading products for web SSO capabilities, and is based on popular standards such as Security Assertion Markup Language (SAML) 2.0, OpenID Connect, and OAuth 2.0. One of Red Hat SSO’s strongest features is that we can access Keycloak directly in many ways, whether through a simple HTML login form, or an API call. In the following scenario, we will generate a JWT token and then validate it. Everything will be done using API calls, so Keycloak’s UI is not exposed to the public directly.