
KeyCloak - Introduction

• Keycloak is an open source Identity and Access Management solution for modern applications and services

• Developed by the Red Hat community and some other individuals

• The first production release of Keycloak was in September 2013

• Keycloak releases its source code under a FOSS license

• Single sign-on (SSO) is an access control technique for multiple related but independent software systems. It
allows a person to authenticate once and gain access to all applications without being prompted to log in
again

• The commercial version is Red Hat SSO

• Keycloak provides authentication and role-based authorization

• Open source with commercial support available (extent not yet confirmed)
1. The user is redirected to the Keycloak authentication page. After the user provides a username and password, Keycloak
redirects the user back to your application with a code that is valid for a very short period of time.

2. The application sends this code to Keycloak along with the Application ID and the Application secret, and Keycloak
replies with the Access token, ID token, and a Refresh token. The application needs only one of these tokens to see which claims
the user has, and according to the claims, the user is granted or denied access to the protected URL(s).
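The claims check at the end of step 2, as an added example that is not part of the original slides. It assumes a hypothetical issuer URL, client ID and URL-to-role map, and it uses a constructed HS256 token with a demo key so it runs offline; Keycloak signs access tokens with RS256 by default, so a real application verifies against the realm's public key instead. The `azp` and `realm_access.roles` claims follow the layout of Keycloak access tokens.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values (assumptions, not from the page).
ISSUER, CLIENT_ID = "https://sso.example.test/realms/demo", "demo-app"
DEMO_KEY = b"constructed-demo-signing-key"
REQUIRED_ROLE = {"/admin": "admin", "/reports": "analyst"}  # hypothetical map

def b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_demo_token(claims, key=DEMO_KEY):
    """Build a constructed HS256 token standing in for Keycloak's reply."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(sig)}"

def verify_claims(token, key=DEMO_KEY, now=None):
    """Return claims only if alg, signature, iss, azp and exp all check out."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64d(head)).get("alg") != "HS256":  # pinned; rejects "none"
            return None
        good = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, b64d(sig)):
            return None
        claims = json.loads(b64d(body))
        exp = claims.get("exp")
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token: treat as unauthenticated
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER or claims.get("azp") != CLIENT_ID:
        return None  # issued by another realm or for another client
    if not isinstance(exp, (int, float)) or exp <= now:
        return None  # missing or expired lifetime
    return claims

def is_allowed(token, path, now=None):
    """Grant or deny a protected URL from the token's realm roles."""
    claims = verify_claims(token, now=now)
    access = claims.get("realm_access") if claims else None
    roles = access.get("roles") if isinstance(access, dict) else None
    for prefix, role in REQUIRED_ROLE.items():
        if path == prefix or path.startswith(prefix + "/"):
            return isinstance(roles, list) and role in roles
    return False  # default deny for paths with no role mapping
```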
KeyCloak - Features
• Authentication
• SSO: single sign-on and single sign-out; single sign-out can be controlled per client request
• Session management
• Social login: Google, FB, etc.
• Auditing
• Authorization: role based
• KeyCloak supports the OpenID Connect, OAuth2 and SAML 2 protocols

• KeyCloak can be used for web applications, mobile applications and desktop applications

• Support for multi-factor authentication

• KeyCloak provides APIs for user creation, modification and deletion

• A realm secures and manages security metadata for a set of users, applications, and registered OAuth
clients. Users can be created within a specific realm in the Administration console

• Keycloak uses the open source H2 database as its embedded datastore. However, you are free to
choose your own database: Oracle, Microsoft SQL Server, IBM DB2, MySQL/MariaDB, or PostgreSQL

• Keycloak has built-in support for connecting to existing LDAP or Active Directory servers. An organization can
also implement its own provider if it has users in other stores, such as a relational database

• Companies using Keycloak: Essence, Operon Limited, Bluekiri, asdf

• Passwords are salted and hashed with PBKDF2

• Issuing, verifying and revoking tokens


KeyCloak – Challenges
• Keycloak is part of Red Hat, which is being acquired by IBM. This has created quite a bit of uncertainty around
the product, as IBM already has “IBM Cloud Identity and Access Management”. IBM has an IAM platform, and
whether Keycloak is folded into the deal or end-of-lifed is an open question that neither IBM nor Red Hat has
addressed.

• Red Hat does not provide commercial support for community open source projects directly. Red Hat instead
derives product offerings from community projects, which are branded and maintained separately.

• Do we have expertise in technologies like WildFly, JAX-RS, JPA, Infinispan, FreeMarker, etc., as this is
