This article discusses how to set up and configure a Keycloak instance to use OpenShift for authentication via Identity Brokering. This allows for Single Sign On between the OpenShift cluster and the Keycloak instance. The Keycloak instance will be running on the OpenShift cluster and leverage a ServiceAccount OAuth Client.
Continue reading “Keycloak Identity Brokering with OpenShift”
Welcome back to another edition of JBoss Weekly, bringing you news from across the net relating to JBoss Middleware. Those of you who attended Devoxx Belgium, we hope you had the opportunity to speak with our engineers there.
Continue reading “JBoss Weekly 17 November 2017”
The 2017 edition of the legendary Devoxx conference is over, and as always, it has been a fantastic week.
Hosted in Antwerp, Belgium, and sold out months in advance, it’s one of the top events of the Java community. Five days fully packed with workshops, regular conference sessions, BOFs, ignite sessions and even quickie talks during the lunch breaks – there was something for everyone.
The super-comfortable cinema seats at the Devoxx venue are legendary, but even if you couldn’t attend, you didn’t miss a thing, as the sessions were live streamed. But it gets even better: all the recordings are freely available on YouTube already.
Red Hat was present with more than ten speakers, so Devoxx was a great opportunity for us to show the latest projects. Our sessions covered the full range of software development, from presenting a new garbage collector, through Java coding patterns and updates on popular libraries such as Hibernate, to several talks related to microservices, including how to test, secure and deploy them on Kubernetes and OpenShift.
Continue reading “Red Hat Sessions at Devoxx 2017”
Need to lock down your Docker registry? Keycloak has you covered.
As of version 3.2.0, Keycloak has the ability to act as an “authorization service” for Docker authentication. This means that the Keycloak IDP server can perform identity validation and token issuance when a Docker registry requires authentication. Administrators may now leverage the same user base, audit controls, and configuration mechanisms in Keycloak to extend their SSO ecosystem past OpenID Connect and SAML to cover Docker registries. The chart below illustrates how this flow works:
Continue reading “Docker Authentication with Keycloak”
In this post, I will provide a walkthrough of how to set up Identity Brokering on an RH-SSO server.
Red Hat Single Sign-On (RH-SSO) provides Web single sign-on and identity federation based on SAML 2.0, OpenID Connect and OAuth 2.0 specifications.
For this tutorial, you will need:
- An RH-SSO Instance.
- A Web/Mobile Application with an OpenID Connect adapter.
- An OpenID Connect Provider Server (such as Keycloak) to be used as the 3rd Party Identity Provider.
Continue reading “OpenID Connect Identity Brokering with Red Hat Single Sign-On”
The Azure OpenShift 3.6 reference architecture now automatically deploys and integrates SSO. The reference architecture, which is available in a scalable, full high-availability configuration and as a single VM for trials, is part of the openshift-ansible-contrib Git repo.
Continue reading “Openshift 3.6 Reference Architecture Now Includes SSO”
What is Keycloak?
Although security is a crucial aspect of any application, its implementation can be difficult. Worse, it is often neglected, poorly implemented and intrusive in the code. But lately, security servers have appeared which allow for outsourcing and delegating all the authentication and authorization aspects. Of these servers, one of the most promising is Keycloak: open source, flexible, and agnostic of any technology, it is easily deployed and adapted within your own infrastructure.
Moreover, Keycloak is more than just an authentication server; it also provides a complete Identity Management system, user federation for third parties like LDAP, and a lot more. Check it out here.
The project can also be found on GitHub.
Continue reading “Easily secure your Spring Boot applications with Keycloak”
The tutorial Spring Boot and OAuth2 showed how to enable OAuth2 with Spring Boot with Facebook as AuthProvider; this blog post extends it to show how to use Keycloak as AuthProvider instead of Facebook. I intend to keep this example as close as possible to the original Spring Boot and OAuth2 tutorial and will explain the changes to the configuration needed to make the same application work with Keycloak. The source code for the examples is available in the GitHub repositories listed below.
Continue reading “Spring Boot and OAuth2 with Keycloak”
Recently I’ve been looking into different UI tech in use for apps built on top of Red Hat middleware, and I’ve discovered that many of Red Hat’s products use PatternFly (in differing capacities) for their administrative UIs. PatternFly is “A community of designers and developers collaborating to build a UI framework for enterprise web applications.” (from the website). There are also components, directives, etc., for AngularJS projects (which I really like).
This sounds awesome, particularly because I’m a terrible designer, so I thought I’d take a crack at converting an existing demo to use PatternFly, and along the way learn more about the framework and its best practices. These are concepts you can use in your own projects when building JS-heavy projects using Maven (which has about a billion ways to do things).
You can find the demo on jbossdemocentral, along with instructions for building it. In this article, I will describe some of the highlights of what I learned.
Continue reading “Building JBoss Projects with PatternFly and AngularJS”