You're reading from Keycloak - Identity and Access Management for Modern Applications Harness the power of Keycloak, OpenID Connect, and OAuth 2.0 protocols to secure applications

Product type Paperback

Published in Jun 2021

Publisher Packt

ISBN-13 9781800562493

Length 362 pages

Edition 1st Edition

Tools

Docker

Concepts

System Administration

Authors (2):

Pedro Igor Silva

Stian Thorgersen

View More author details

Table of Contents (21) Chapters

Preface

1. Section 1: Getting Started with Keycloak

2. Chapter 1: Getting Started with Keycloak FREE CHAPTER

3. Chapter 2: Securing Your First Application

4. Section 2: Securing Applications with Keycloak

5. Chapter 3: Brief Introduction to Standards

6. Chapter 4: Authenticating Users with OpenID Connect

7. Chapter 5: Authorizing Access with OAuth 2.0

8. Chapter 6: Securing Different Application Types

9. Chapter 7: Integrating Applications with Keycloak

10. Chapter 8: Authorization Strategies

11. Section 3: Configuring and Managing Keycloak

12. Chapter 9: Configuring Keycloak for Production

13. Chapter 10: Managing Users

14. Chapter 11: Authenticating Users

15. Chapter 12: Managing Tokens and Sessions

16. Chapter 13: Extending Keycloak

17. Section 4: Security Considerations

18. Chapter 14: Securing Keycloak and Applications

19. Assessments

20. Other Books You May Enjoy

What this book covers

Chapter 1, Getting Started with Keycloak, gives you a brief introduction to Keycloak and steps on how to get quickly up to speed by installing and running Keycloak yourself. It also provides an introduction to the Keycloak admin and account consoles.

Chapter 2, Securing Your First Application, explains how to secure your first application with Keycloak through a sample application consisting of a single-page application and a REST API.

Chapter 3, Brief Introduction to Standards, provides a brief introduction and comparison of the standards Keycloak supports to enable you to integrate your applications securely and easily with Keycloak.

Chapter 4, Authenticating Users with OpenID Connect, teaches how to authenticate users by leveraging the OpenID Connect standard. This chapter leverages a sample application that allows you to see and understand how an application authenticates to Keycloak through Open ID Connect.

Chapter 5, Authorizing Access with OAuth 2.0, teaches how to authorize access to REST APIs and other services by leveraging the OAuth 2.0 standard. Through a sample application, you will see firsthand how an application obtains an access token through OAuth 2.0, which the application uses to invoke a protected REST API.

Chapter 6, Securing Different Application Types, covers best practices on how to secure different types of applications, including web, mobile, and native applications, as well as REST APIs and other backend services.

Chapter 7, Integrating Applications with Keycloak, provides steps on how to integrate your applications with Keycloak, covering a range of different programming languages, including Go, Java, client-side JavaScript, Node.js, and Python. It also covers how you can utilize a reverse proxy to secure an application implemented in any programming language or framework.

Chapter 8, Authorization Strategies, covers how your application can use information about the user from Keycloak for access management, covering roles and groups, as well as custom information about users.

Chapter 9, Configuring Keycloak for Production, teaches how to configure Keycloak for production, including how to enable TLS, configuring a relational database, and enabling clustering for additional scale and availability.

Chapter 10, Managing Users, takes a closer look at the capabilities provided by Keycloak related to user management. It also explains how to federate users from external sources such as LDAP, social networks, and external identity providers.

Chapter 11, Authenticating Users, covers the various authentication capabilities provided by Keycloak, including how to enable second-factor authentication, as well as security keys.

Chapter 12, Managing Tokens and Sessions, helps understand how Keycloak leverages server-side sessions to keep track of authenticated users, as well as best practices on managing tokens issued to your applications.

Chapter 13, Extending Keycloak, explains how you can extend Keycloak, covering how you can modify the look and feel of user-facing pages such as the login pages and account console. It also provides a brief introduction to one of the more powerful capabilities of Keycloak that allows you to provide custom extensions for a large number of extension points.

Chapter 14, Securing Keycloak and Applications, provides best practices on how to secure Keycloak for production. It also provides a brief introduction to some best practices to follow when securing your own applications.