Hey champs, let's try to understand Keycloak: what it offers, its benefits, its features and so on.
Add authentication to applications and secure services with minimum fuss. No need to deal with storing users or authenticating users. It’s all available out of the box.
You’ll even get advanced features such as User Federation, Identity Brokering and Social Login.
IAM (Identity and Access Management)
IAM, also called IdM (Identity Management), is a framework for authenticating users and managing their privileges. It checks whether a user is allowed to access the files, networks and other resources they request, and it governs how, and by whom, the descriptive information about users can be read and modified. IAM systems give administrators tools to change a user's role, keep track of user activity, and so on.
Installing an Identity and Access Management solution with a web-based interface is a common requirement for most modern software projects. Not long ago, developers had to build their own user management infrastructure (login page, logout, password reset, password hashing, social login, ...) for every new application they worked on. Thanks to projects like Keycloak and container technologies like Docker, that work can now be taken off the shelf.
Identity Management has four main basic functions:
- The pure identity function: creation, management and deletion of identities, without regard to access or entitlements.
- The user access (log-on) function: for example, a customer uses a smart card and its associated data to log on to a service or services (the traditional view).
- The service function: the system delivers personalized, role-based, online, on-demand, multimedia (content) and presence-based services to users and their devices.
- Identity federation: a system that relies on federated identity can authenticate a user without knowing his or her password.
Keycloak is an open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code: you configure the functionality instead of writing it, which saves development time.
Features in Keycloak
- Single sign-on and single sign-out
- Social login
- User federation (LDAP, Active Directory, ...)
- Centralized management with Admin console
- Standard protocols (OpenID Connect, OAuth2.0, SAML 2.0)
- Password Policies
- Easy setup and integration
- Customizable and extensible
- High performance
Why use it?
You may want Keycloak when you need an identity and user management platform, or when you have a complicated user access flow. Above all, consider Keycloak when you need SSO (Single Sign-On): once logged in to Keycloak, users don't have to log in again to access a different application.
Is Keycloak safe?
Keycloak is a mature solution built on standard security protocols (OpenID Connect, OAuth 2.0, SAML 2.0) to provide single sign-on.
Red Hat trusts the upstream Keycloak project enough to build its supported downstream product, Red Hat Single Sign-On, from it. As with any identity provider, though, the deployment is only as safe as its configuration: serve it over TLS, keep the admin console off the public internet, register exact redirect URIs for each client instead of wildcards, and keep up with releases.
Benefits of Keycloak
- Authentication and authorization: users log on to the system with one account, a single virtual identity.
- Identity brokering: authentication can be delegated to external OpenID Connect or SAML 2.0 identity providers.
- User federation with LDAP and Active Directory.
- Active Community.
- Open Source
Keycloak working procedure
On a complete system secured with Keycloak (this is the OpenID Connect authorization code flow):
- A user clicks a link on a public page to navigate to a protected area of the application. The application is registered as a client in the Keycloak admin console, and the callback URL Keycloak sends the user back to must be listed among that client's valid redirect URIs.
- The user is redirected to the Keycloak login page. After the user provides a username and password (plus any other factor configured for the realm), Keycloak redirects the browser back to the application with an authorization code that is single-use and valid only for a very short time.
- The application sends this code to Keycloak's token endpoint together with its client ID and client secret (a public client such as a single-page app uses PKCE instead of a secret), and Keycloak replies with an access token, an ID token and a refresh token. The ID token tells the application who the user is; the access token is what the application presents to protected APIs; the refresh token obtains new tokens when the access token expires. The application verifies the token (signature, issuer, expiry) and reads its claims, such as the user's roles, then grants or denies access to the requested protected URL(s) accordingly.
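To make the three steps above concrete, here is the whole exchange simulated in one process: an application side that builds the login redirect, checks the `state` parameter on the callback and redeems the code, and an identity-provider side that mints single-use, short-lived codes and only hands out tokens to the client that presented the right secret and redirect URI. This is an added example written for this post, not Keycloak's own code. The realm URL, client ID, client secret and redirect URI are made-up values, and the tokens are signed with a shared HMAC key so the script runs offline; a real Keycloak realm signs with its RSA key (RS256) and the application verifies tokens against the realm's JWKS endpoint instead.

```python
"""Authorization code flow, app side and IdP side, simulated in-process.
Added illustration; not Keycloak's code. HS256 with a shared key stands in
for Keycloak's RS256 realm key so that this runs offline."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed values: the realm, client registration and URLs are made up for this example.
ISSUER = "https://idp.example.com/realms/demo"      # Keycloak >= 17 URL layout (no /auth prefix)
CLIENT_ID = "web-app"
CLIENT_SECRET = "client-secret-from-admin-console"  # confidential client; public clients use PKCE
REDIRECT_URI = "https://app.example.com/callback"   # must match a valid redirect URI on the client
SIGNING_KEY = b"stand-in-for-the-realm-signing-key"
CODE_LIFESPAN = 60       # seconds; assumed one-minute code lifetime
TOKEN_LIFESPAN = 300     # seconds; Keycloak's default access token lifespan is 5 minutes


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict) -> str:
    """Encode claims as a compact JWT with an HMAC-SHA256 signature."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def verify_jwt(token: str, now: float) -> dict:
    """Return the claims only if signature, issuer, authorized party and expiry all check out."""
    header, body, sig = token.split(".")
    expected = hmac.new(SIGNING_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body))
    if claims.get("iss") != ISSUER:
        raise ValueError("token from another issuer")
    if claims.get("azp") != CLIENT_ID:
        raise ValueError("token issued for a different client")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims


def parse_callback(url: str) -> dict:
    """Flatten the query string of a redirect URL into a plain dict."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


class IdP:
    """Stand-in for the realm's authorization and token endpoints."""

    def __init__(self):
        self._codes = {}  # code -> (user, roles, client_id, redirect_uri, issued_at)

    def authorize(self, query: dict, user: str, roles: list, now: float) -> str:
        """The user has just logged in; mint a one-time code and redirect back to the app."""
        if query["client_id"] != CLIENT_ID or query["redirect_uri"] != REDIRECT_URI:
            raise ValueError("unknown client or unregistered redirect_uri")
        code = secrets.token_urlsafe(32)
        self._codes[code] = (user, roles, query["client_id"], query["redirect_uri"], now)
        return f"{REDIRECT_URI}?{urlencode({'code': code, 'state': query['state']})}"

    def token(self, code, client_id, client_secret, redirect_uri, now) -> dict:
        """Back-channel exchange: code + client credentials -> access, ID and refresh tokens."""
        entry = self._codes.pop(code, None)  # pop(): a code can be redeemed exactly once
        if entry is None:
            raise ValueError("unknown or already used code")
        user, roles, code_client, code_redirect, issued_at = entry
        if now - issued_at > CODE_LIFESPAN:
            raise ValueError("code expired")
        if (client_id, redirect_uri) != (code_client, code_redirect):
            raise ValueError("code was issued to a different client or redirect_uri")
        if not hmac.compare_digest(client_secret, CLIENT_SECRET):
            raise ValueError("bad client secret")
        base = {"iss": ISSUER, "sub": user, "azp": client_id, "iat": now, "exp": now + TOKEN_LIFESPAN}
        return {
            "access_token": sign_jwt({**base, "realm_access": {"roles": roles}}),
            "id_token": sign_jwt({**base, "aud": client_id, "preferred_username": user}),
            "refresh_token": secrets.token_urlsafe(32),
        }


def app_login(idp: IdP, user: str, roles: list, now: float) -> dict:
    """The application's side of the flow: redirect, callback check, code exchange."""
    state = secrets.token_urlsafe(16)  # kept in the session; ties the callback to this login
    login_url = f"{ISSUER}/protocol/openid-connect/auth?" + urlencode({
        "response_type": "code", "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
        "scope": "openid", "state": state})
    callback = idp.authorize(parse_callback(login_url), user, roles, now)  # browser hop, collapsed
    params = parse_callback(callback)
    if not hmac.compare_digest(params.get("state", ""), state):
        raise ValueError("state mismatch: callback not tied to a login we started")
    return idp.token(params["code"], CLIENT_ID, CLIENT_SECRET, REDIRECT_URI, now)


def may_access(access_token: str, required_role: str, now: float) -> bool:
    """Authorization decision for a protected URL, based on the realm roles claim."""
    roles = verify_jwt(access_token, now).get("realm_access", {}).get("roles", [])
    return required_role in roles


def rejected(fn, *args) -> bool:
    """True if the call is refused; exercises the failure paths."""
    try:
        fn(*args)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    now = time.time()
    tokens = app_login(IdP(), "alice", ["admin"], now)
    print("admin area:", may_access(tokens["access_token"], "admin", now))
    print("auditor area:", may_access(tokens["access_token"], "auditor", now))
```

Two details worth noticing: the code is removed from the store with `pop()` before any other check, so a replayed or stolen code is useless after one redemption, and the application compares the `state` it stored in the session with the one on the callback before it touches the code, which is what stops an attacker from logging the victim in to the attacker's own account.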
I hope you enjoyed this look at a fabulous service for securing and authenticating your applications. This is just an overview; for deeper knowledge, such as how to run it on your local machine, stay tuned!