keycloak

How to restrict user authentication in Keycloak during identity brokering

As per the design, Keycloak imports all users into its local database if the users are authenticated via any third-party identity provider (e.g., Google, Facebook, or Okta). But what if users authenticated through the third-party identity provider have to be restricted—or be allowed only limited access—to applications that are federated with Keycloak? Here’s how you do it.

Integrating Red Hat Single Sign-On version 7.4 with Red Hat Directory Server (LDAP)

This article describes the integration of Red Hat Single Sign-On (SSO) with Red Hat Directory Server 11 (LDAP). It also illustrates how it is possible to perform user synchronization and group synchronization between Red Hat Directory Server and Red Hat’s single sign-on tools.

Analyze monolithic Java applications in multiple workspaces with Red Hat’s migration toolkit for applications

Transforming monolithic Java applications into distributed, cloud-native microservices is never easy, but Red Hat’s migration toolkit for applications helps you understand and evaluate the migration path. As a developer, you can apply the following features to a broad range of transformation use cases:

Authentication and authorization using the Keycloak REST API

Enabling authentication and authorization involves complex functionality beyond a simple login API. In a previous article, I described the Keycloak REST login API endpoint, which only handles some authentication tasks. In this article, I describe how to enable other aspects of authentication and authorization by using Keycloak REST API functionality out of the box.

Use mobile numbers for user authentication in Keycloak

I recently worked on a project that required using a mobile number for user authentication, instead of the traditional username and password. Almost everyone has a unique mobile number, so the requirement made sense. Our authentication tool is Keycloak, which does not ship with an option for mobile-based authentication. Instead, my team developed a custom authentication executor to meet the requirement.

In this article, I show you how to use Keycloak’s authentication service provider interface (SPI) to write a custom MobileAuthenticator class and then instantiate it with an AuthenticationFactory. I also show you how to package and compile the mobile authentication project using Maven and how to create a custom mobile authentication flow for Keycloak.

Automate workshop setup with Ansible playbooks and CodeReady Workspaces

At Red Hat, we do many in-person and virtual workshops for customers, partners, and other open source developers. In most cases, the workshops are of the “bring your own device” variety, so we face a range of hardware and software setups and corporate endpoint-protection schemes, as well as different levels of system knowledge.

Contract-first development: Create a mock back end for realistic data interactions with React

Many front-end developers are discovering the benefits of contract-first development. With this approach, front- and back-end developers use OpenAPI to collaboratively design an API specification. Once the initial specification is done, front-end developers can use API definitions and sample data to develop discrete user interface (UI) components. Defining a single OpenAPI spec improves cross-team collaboration, and API definitions empower front-end developers to design our initial workflows without relying on the back end.

API login and JWT token generation using Keycloak

Red Hat single sign-on (SSO)—or its open source version, Keycloak—is one of the leading products for web SSO capabilities, and is based on popular standards such as Security Assertion Markup Language (SAML) 2.0, OpenID Connect, and OAuth 2.0. One of Red Hat SSO’s strongest features is that we can access Keycloak directly in many ways, whether through a simple HTML login form, or an API call. In the following scenario, we will generate a JWT token and then validate it. Everything will be done using API calls, so Keycloak’s UI is not exposed to the public directly.
