Open Source Identity and Access management with Keycloak.pdf
0 likes118 views
The document discusses Keycloak, an open-source identity and access management (IAM) solution, highlighting its core concepts, functionalities, and benefits. It emphasizes the importance of IAM for security, compliance, and user efficiency while detailing Keycloak's features such as single sign-on support and integration capabilities. The session was led by Anshul Patel at the Cloud Native Ahmedabad meetup, providing insights into IAM practices and Keycloak's role in modern application security.
Open Source Identity and Access management with Keycloak.pdf
- 1. Open Source Identity and Access management with Keycloak 21st December 2024 Cloud Native Ahmedabad Meetup #13 i-hub Gujarat, Prajna Puram, KCG Campus, opp. PRL, Navrangpura, Ahmedabad
- 2. Anshul Patel Cloud Consultant at Toptal Decade of experience in architecting, implementing, and optimizing cloud infrastructure, site-reliability, and operations to maximize the business value. Previously worked at Adani Enterprises, Woven by Toyota, Infostretch(now Apexon), Talentica, Amdocs, Elitecore(now Sterlite Tech) Who am I? https://anshulpatel.in
- 3. Identity and Access Management (IAM)
- 4. What is IAM? ● Identification: Who is the user? ● Authentication: Can they prove their identity? ● Authorization: What can they access? ● Accountability: Monitoring and auditing user actions.
- 5. Why IAM solution matters? ● Security: Prevents unwanted access to the systems ● Compliance: Helps organization meet regulatory standards ● Efficiency: Helps IT teams to streamline user access control ● User productivity & experience: Provides seamless access to resources ● Developer productivity & experience: Development team can leverage out of the box functionalities
- 6. Components of IAM solution ● Authentication ● User Management ● Group Management ● Roles ● Identity brokering & federation ● Access control ● Policies ● Monitoring and Auditing ● Permission/Scope
- 7. Keycloak
- 8. What is Keycloak? ● Open source identity and access management solution ● Started by Wildfly community project under stewardship of RedHat ● Donated to CNCF in April 2023, currently it is in CNCF incubating stage.
- 9. Why Keycloak? ● Infrastructure agnostic ● Proven and battle tested ● Commercial support available (RedHat build of Keycloak) ● Multiple protocol support (OpenID, Oauth 2.0, SAML 2.0) ● Single Sign On (SSO) support
- 10. Why Keycloak? ● Flexible ○ Multiple identity provider support (IdP) ○ Integrations & Extensions ○ Modular, standalone, clustered, and cross-site deployment topologies ● UI Administration console & REST API available ● Third party IaC available
- 11. Keycloak Core Concepts ● Realm: Manages set of users, groups, credentials, roles, and clients ● Users: Entities which needs to login ● Groups: Collection of users ● Clients: Entities which requests keycloak for authentication and authorization (for e.g. OIDC, SAML v2.0) ● Flows: Authentication, Self-registration, Password recovery, etc
- 12. Keycloak Core Concepts ● Roles: ○ Realm Role: Specific to realm ○ Client Role: Specific to client ● Client scopes: Permissions that client is requesting on behalf of the user ● Identity provider: External OIDC and SAML IdP providers ● Events: User and admin events for audit
- 13. Authorization ● Resource Server ● Resource ● Policy ● Scope ● Permission ● User Managed Access Reference:https://www.keycloak.org/do cs/latest/authorization_services/index.h tml
- 14. Example OIDC with Keycloak Authorization code flow
- 15. Recommended Reads ● Keycloak - Identity and Access Management for Modern Applications: Harness the power of Keycloak, OpenID Connect, and OAuth 2.0 to secure applications , Second Edition ● Awesome-keycloak ● Opensource-identity-access-management-keycloak ● Keycloak high availability ● Observability
- 16. Thank you & Questions