Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Keycloak - Identity and Access Management for Modern Applications
Keycloak - Identity and Access Management for Modern Applications

Keycloak - Identity and Access Management for Modern Applications: Harness the power of Keycloak, OpenID Connect, and OAuth 2.0 to secure applications , Second Edition

Arrow left icon
Profile Icon Stian Thorgersen Profile Icon Pedro Igor Silva
Arrow right icon
$54.99
Full star icon Full star icon Full star icon Full star icon Half star icon 4.2 (30 Ratings)
Paperback Jul 2023 350 pages 2nd Edition
eBook
$9.99 $43.99
Paperback
$54.99
Subscription
Free Trial
Renews at $19.99p/m
Arrow left icon
Profile Icon Stian Thorgersen Profile Icon Pedro Igor Silva
Arrow right icon
$54.99
Full star icon Full star icon Full star icon Full star icon Half star icon 4.2 (30 Ratings)
Paperback Jul 2023 350 pages 2nd Edition
eBook
$9.99 $43.99
Paperback
$54.99
Subscription
Free Trial
Renews at $19.99p/m
eBook
$9.99 $43.99
Paperback
$54.99
Subscription
Free Trial
Renews at $19.99p/m

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
OR
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Table of content icon View table of contents Preview book icon Preview Book

Keycloak - Identity and Access Management for Modern Applications

Securing Your First Application

In this chapter, you will learn how to secure your first application with Keycloak. To make things a bit more interesting, the sample application you will be running consists of two parts, a frontend web application and a backend REST API. This will show you how a user can authenticate to the frontend, and also how it is able to securely invoke the backend.

By the end of this chapter, you will have a basic understanding of how applications can be secured by Keycloak by leveraging OpenID Connect.

In this chapter, we’re going to cover the following main topics:

  • Understanding the sample application
  • Running the application
  • Understanding how to log in to the application
  • Securely invoking the backend REST API

Technical requirements

To run the sample application included in this chapter, you need to have Node.js (https://nodejs.org/) installed on your workstation.

You also need to have a local copy of the GitHub repository associated with the book. If you have Git installed, you can clone the repository by running this command in a terminal:

$ git clone https://github.com/PacktPublishing/Keycloak---Identity-and-Access-Management-for-Modern-Applications-2nd-Edition.git

Alternatively, you can download a ZIP of the repository from https://github.com/PacktPublishing/Keycloak---Identity-and-Access-Management-for-Modern-Applications-2nd-Edition/archive/main.zip.

Check out the following link to see the Code in Action video:

https://packt.link/oxOr8

Understanding the sample application

The sample application consists of two parts – a frontend web application and a backend REST API.

The frontend web application is a single-page application written in JavaScript. As we want to focus on what Keycloak can offer, the application is very simple. Furthermore, to make it as simple as possible to run the application, it uses Node.js. The application provides the following features:

  • Login with Keycloak.
  • It displays the user’s name.
  • It displays the user’s profile picture, if available.
  • It shows the ID token.
  • It shows the Access token.
  • It refreshes the tokens.
  • It invokes the secured endpoint provided by the backend.

The backend REST API is also very simple and is implemented with Node.js. It provides a REST API with two endpoints:

  • /public: A publicly available endpoint with no security
  • /secured: A secured endpoint requiring an access token with the myrealm global role

Node.js is used for example applications as we want to make the code as easy to understand and as simple to run as possible, regardless of what programming language you are familiar with.

The following diagram shows the relationship between the frontend, the backend, and Keycloak. The frontend authenticates the users using Keycloak and then invokes the backend, which uses Keycloak to verify that the request should be permitted:

Figure 2.1 – Application overview

Figure 2.1: Application overview

Now that you have a basic understanding of the sample application, let’s look at some more details on how it all comes together.

When the user clicks on the login button in the frontend application, the browser is redirected to the Keycloak login page. The user then authenticates with Keycloak, before the browser is redirected back to the application with a special code called an authorization code. The application then invokes Keycloak to exchange the authorization code for the following tokens:

  • An ID token: This provides the application information pertaining to the authenticated user.
  • An access token: The application includes this token when making a request to a service, which allows the service to verify whether the request should be permitted.
  • A refresh token: Both the ID and the access token have short expirations – by default, 5 minutes. The refresh token is used by the application to obtain new tokens from Keycloak.

The flow described is what is known as the authorization code flow in OpenID Connect. If you are not already familiar with OAuth 2.0 or OpenID Connect, they can be a bit daunting at first, but once you become familiar with them, they are actually quite simple and easy to understand.

To help visualize the login process, a simplified sequence diagram is provided as follows:

Figure 2.2 – Authorization code flow in OpenID Connect simplified

Figure 2.2: Authorization code flow in OpenID Connect simplified

The steps in this diagram are as follows:

  1. The User clicks on the login button.
  2. The application redirects to the Keycloak Login page.
  3. The Keycloak login page is displayed to the User.
  4. The User fills in the username and password and submits the results to Keycloak.
  5. After verifying the username and password, Keycloak sends the Authorization code to the application.
  6. The application exchanges the Authorization code for an ID token and an access token. The application can now verify the identity of the user by inspecting the ID token.

By delegating the authentication of the user to Keycloak, the application does not have to know how to authenticate the user. This is especially relevant when the authentication mechanisms change. For example, two-factor authentication can be enabled without having to make changes to the application. This also means the application does not have access to the user’s credentials.

The next step related to Keycloak is when the frontend invokes the backend. The backend REST API has a protected endpoint that can only be invoked by a user with the global role, myrole.

To be completely accurate, the frontend is granted permissions to invoke the backend on behalf of the user. This is part of the beauty of OAuth 2.0. An application does not have access to do everything that the user is able to do, only what it should be able to do.

When the frontend makes a request to the backend, it includes the access token within the request. By default, Keycloak uses JSON Web Signature (JWS) as the token format. These types of tokens are often referred to as non-opaque tokens, meaning the contents of the token are directly visible to the application.

The token also includes a digital signature, making it possible to verify that the token was indeed issued by Keycloak. In essence, this means that the backend can both verify the token and read the contents without a request to Keycloak, resulting in less demand on the Keycloak server and lower latency when processing requests to the backend.

To help visualize what happens when the frontend sends a request to the backend, take a look at the following diagram:

Figure 2.3 – Secured request from the frontend to the backend simplified

Figure 2.3: Secured request from the frontend to the backend simplified

The steps in the diagram are as follows:

  1. The Backend retrieves Keycloak’s public keys. The Backend does not need to do this for all requests to the Backend, but can instead cache the keys in memory.
  2. The Frontend sends a request to the Backend, including the access token.
  3. The Backend uses the public keys it retrieved earlier to verify that the access token was issued by a trusted Keycloak instance, and then verifies that the token is valid and that the token contains the role myrole.
  4. The Backend returns the results to the Frontend.

You now have a basic understanding of how the sample applications are secured with Keycloak. In the next section, you will learn how to run the sample application.

Running the application

In this section, you will learn how to run the sample application.

If you don’t already have Node.js installed on your workstation, go to https://nodejs.org/ for instructions on how to install it.

To run the frontend on Node.js, open a terminal and run the following commands:

$ cd Keycloak---Identity-and-Access-Management-for-Modern-Applications-2nd-Edition/ch2/frontend/
$ npm install
$ npm start

Next, open a new terminal to run the backend using the following commands:

$ cd Keycloak---Identity-and-Access-Management-for-Modern-Applications-2nd-Edition/ch2/backend/
$ npm install
$ npm start

Now that you have the sample application running with Node.js, you can register it with Keycloak, which we will cover in the next section.

Understanding how to log in to the application

In the previous chapter, covering how to get started with Keycloak, you learned how to run Keycloak, as well as how to create your first realm. Prior to continuing this section, you should have Keycloak running with the realm created, as covered in the previous chapter. In summary, what you require before continuing is the following:

  • Keycloak up and running
  • A realm named myrealm
  • A global role named myrole
  • A user with the preceding role

Before an application can log in with Keycloak, it has to be registered as a client with Keycloak.

Before registering the frontend, let’s see what happens if an unregistered application tries to authenticate with Keycloak. Open http://localhost:8000 and then click on the Login button.

You will see an error page from Keycloak with the message Client not found. This error is telling you that the application is not registered with Keycloak.

To register the frontend with Keycloak, open the Keycloak admin console. At the top of the menu on the left-hand side, there is an option to select what realm you are working with. Make sure you have selected the realm named myrealm. In the menu on the left-hand side, click on Clients, and then click on Create client.

Fill in the form with the following values:

  • Client ID: myclient

After filling in the Client ID field, click on Next. On the following screen, it is possible to enable and disable various capabilities required by an application. For now, you can simply ignore this step and click on Save.

Before the client can be used by the frontend application to authenticate with Keycloak, you have to register the URL for the application. Under Access settings, fill in the following values:

  • Valid redirect URIs: http://localhost:8000/
  • Valid post redirect URIs: http://localhost:8000/
  • Web origins: http://localhost:8000

Once you have filled in the form, click on Save. Before we continue to try to log in with the frontend application, let’s look a bit more at what the last configuration values you entered mean:

  • Valid redirect URIs: This value is very important in an OpenID Connect authorization code flow when a client-side application is used. A client-side application is not able to have any credentials as they would be visible to end users of the application. To prevent any malicious applications from being able to masquerade as the real application, the valid redirect URIs instruct Keycloak to only redirect the user to a URL that matches a valid redirect URI. In this case, since the value is set to http://localhost:8000/, an application hosted on http://attacker.com would not be able to authenticate.
  • Valid post redirect URIs: This is the same as the previous value, but for logout requests rather than login requests, as it is fairly common for an application to have different redirect URIs for login and logout. Keycloak supports adding a special post redirect URI with the value +, which results in permitting all valid redirect URIs as post redirect URIs.
  • Web origins: This option registers the valid web origins of the application for Cross-Origin Resource Sharing (CORS) requests. To obtain tokens from Keycloak, the frontend application has to send an AJAX request to Keycloak, and browsers do not permit an AJAX request from one web origin to another, unless CORS is used. Keycloak supports adding a special web origin with the value +, which results in permitting all valid redirect URIs as web origins.

The following screenshot shows the created client in the Keycloak admin console.

Graphical user interface, application, email

Description automatically generated

Figure 2.4: Client settings in the admin console

Now you can go back to the frontend by opening http://localhost:8000. This time, when you click on the Login button, you will see the Keycloak login page. Log in with the username and password you created during the previous chapter.

Let’s take a look at the ID token that Keycloak issued. Click on the Show ID Token button. The ID token that is displayed will look something like the following:

{
  "exp": 1664300152,
  "iat": 1664299852,
  "auth_time": 1664298915,
  "jti": "21bb9f32-98ce-49aa-896d-796cb716be59",
  "iss": "http://localhost:8080/realms/myrealm",
  "aud": "myclient",
  "sub": "eb14ea82-45e2-4413-8997-129fd0fc865b",
  "typ": "ID",
  "azp": "myclient",
  "nonce": "ccf5f374-aa07-4280-b63a-efdba9c355c9",
  "session_state": "22884115-55cb-4285-ba92-26c4bf74f74b",
  "at_hash": "ngdMORpXQcEQJ6d9s3uHvw",
  "acr": "0",
  "sid": "22884115-55cb-4285-ba92-26c4bf74f74b",
  "email_verified": true,
  "name": "Stian Thorgersen",
  "preferred_username": "st",
  "given_name": "Stian",
  "family_name": "Thorgersen",
  "email": "st@localdomain.localhost"
}}

Here is a list of some of the more interesting values within the ID token:

  • exp: This is the date and time the token expires in seconds since 01/01/1970 00:00:00 UTC (often referred to as Unix or Epoch time).
  • iss: This is the issuer of the token, which you may notice is the URL of the Keycloak realm.
  • sub: This is the unique identifier of the authenticated user.
  • name: This is the first name and last name of the authenticated user.
  • preferred_username: This is the username of the authenticated user. You should avoid this as a key for the user as it may be changed, and may even refer to a different user in the future. Instead, always use the sub field for the user key.

The ID token is used by the application to establish the identity of the authenticated user.

Next, let’s take a look at the access token. Click on the Show Access Token button. Let’s also take a look at some fields in this token:

  • allowed-origins: This is a list of permitted web origins for the application. The backend service can use this field when deciding whether web origins should be permitted for CORS requests.
  • realm_access: This contains a list of global realm roles. It is the intersection between the roles granted to the user, and the roles the client has access to.
  • resource_access: This contains a list of client roles.
  • scope: Scopes can be used both to decide what fields (or claims) to include in the token and by backends to decide what APIs the token can access.

Currently, the information within the tokens is the default fields available in Keycloak. If you want to add additional information, Keycloak is very flexible in allowing you to customize the content within the tokens.

Let’s give this a go by adding a picture for the user. Leave the tab with the frontend open, and then open a new tab with the Keycloak admin console. In the menu on the left-hand side, click on Users, and select the user you created previously. Now let’s add a custom attribute to the user. Click on Attributes. In the table, there will be two empty input fields at the bottom. In the Key column, set the value to picture, and in the Value column, set the value to the URL of a profile picture (in the following screenshot, I’ve used my GitHub avatar). Then, click on Save.

:Graphical user interface, text, application, email

Description automatically generated

Figure 2.5: Adding a custom attribute to a user

Now, go back to the tab where you have the frontend open. To display the profile picture, you can click on the Refresh button. When you click on this button, the tokens will be refreshed, and the new ID token will now contain the picture attribute you just added, which allows the application to display a profile picture for the user.

Next, you will learn how to securely invoke the backend from the frontend.

Securely invoking the backend REST API

Now, open http://localhost:3000/ and click on the Public endpoint link. You will see a message saying Public message!. The public endpoint is not secured by Keycloak and can be invoked without an access token.

Next, let’s try the secured endpoint that is protected by Keycloak. Open http://localhost:3000/ again. This time, click on the Secured endpoint link. Now you will see a message saying Access denied. This request is not permitted since it requires a valid access token to invoke the endpoint.

Let’s now try to invoke the secured endpoint from the frontend. Open http://localhost:8000/ and click on Invoke Service. You will now see a message displayed saying Secret message!. If instead you get the message Access Denied, this is most likely caused by the user not having the myrole role.

When you click Invoke Service, the frontend sends an AJAX request to the backend service, including the access token in the request, which allows the backend to verify that the invocation is done on behalf of a user who has the required role to access the endpoint.

Summary

In this chapter, you learned how to secure your first application, consisting of a frontend web application and a backend REST API with Keycloak. You also gained a basic understanding of how Keycloak leverages OpenID Connect to make this all happen in a standard and secure way. Together with what you learned in the first chapter of the book, you now have a solid foundation to start learning more about Keycloak.

In the next chapter, we will dive deeper into securing applications with Keycloak, giving you a better understanding of how it all works.

Questions

  1. How does an application authenticate with Keycloak?
  2. What do you need to configure in the Keycloak admin console in order to allow an application to authenticate with Keycloak?
  3. How does an application securely invoke a protected backend service?

Join our community on Discord

Join our community’s Discord space for discussions with the authors and other readers:

https://packt.link/SecNet

Left arrow icon Right arrow icon
Download code icon Download Code

Key benefits

  • A beginners’ guide to Keycloak focussed on understanding Identity and Access Management
  • Implement authentication and authorization in applications using Keycloak 22
  • Utilize Keycloak in securing applications developed by you and the existing applications in your enterprise

Description

The second edition of Keycloak - Identity and Access Management for Modern Applications is an updated, comprehensive introduction to Keycloak and its updates. In this new edition, you will learn how to use the latest distribution of Keycloak. The recent versions of Keycloak are now based on Quarkus, which brings a new and improved user experience and a new admin console with a higher focus on usability. You will see how to leverage Spring Security, instead of the Keycloak Spring adapter while using Keycloak 22. As you progress, you’ll understand the new Keycloak distribution and explore best practices in using OAuth. Finally, you'll cover general best practices and other information on how to protect your applications. By the end of this new edition, you’ll have learned how to install and manage the latest version of Keycloak to secure new and existing applications using the latest features.

Who is this book for?

This book is for developers, sysadmins, security engineers, or anyone who wants to leverage Keycloak and its capabilities for application security. Basic knowledge of app development, authentication, and authorization is expected.

What you will learn

  • Understand how to install, configure, and manage the latest version of Keycloak
  • Discover how to obtain access tokens through OAuth 2.0
  • Utilize a reverse proxy to secure an application implemented in any programming language or framework
  • Safely manage Keycloak in a production environment
  • Secure different types of applications, including web, mobile, and native applications
  • Discover the frameworks and third-party libraries that can expand Keycloak
Estimated delivery fee Deliver to United States

Economy delivery 10 - 13 business days

Free $6.95

Premium delivery 6 - 9 business days

$21.95
(Includes tracking information)

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Jul 31, 2023
Length: 350 pages
Edition : 2nd
Language : English
ISBN-13 : 9781804616444
Vendor :
Red Hat
Category :
Concepts :
Tools :

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
OR
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Estimated delivery fee Deliver to United States

Economy delivery 10 - 13 business days

Free $6.95

Premium delivery 6 - 9 business days

$21.95
(Includes tracking information)

Product Details

Publication date : Jul 31, 2023
Length: 350 pages
Edition : 2nd
Language : English
ISBN-13 : 9781804616444
Vendor :
Red Hat
Category :
Concepts :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total $ 154.97
The Ultimate Docker Container Book
$49.99
Mastering Linux Security and Hardening
$49.99
Keycloak - Identity and Access Management for Modern Applications
$54.99
Total $ 154.97 Stars icon
Banner background image

Table of Contents

17 Chapters
Getting Started with Keycloak Chevron down icon Chevron up icon
Securing Your First Application Chevron down icon Chevron up icon
Brief Introduction to Standards Chevron down icon Chevron up icon
Authenticating Users with OpenID Connect Chevron down icon Chevron up icon
Authorizing Access with OAuth 2.0 Chevron down icon Chevron up icon
Securing Different Application Types Chevron down icon Chevron up icon
Integrating Applications with Keycloak Chevron down icon Chevron up icon
Authorization Strategies Chevron down icon Chevron up icon
Configuring Keycloak for Production Chevron down icon Chevron up icon
Managing Users Chevron down icon Chevron up icon
Authenticating Users Chevron down icon Chevron up icon
Managing Tokens and Sessions Chevron down icon Chevron up icon
Extending Keycloak Chevron down icon Chevron up icon
Securing Keycloak and Applications Chevron down icon Chevron up icon
Assessments Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon
Index Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.2
(30 Ratings)
5 star 63.3%
4 star 16.7%
3 star 6.7%
2 star 3.3%
1 star 10%
Filter icon Filter
Top Reviews

Filter reviews by




David Junior Dec 10, 2023
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This book provides a thorough understanding of Keycloak, OAuth 2.0, and OpenID Connect (OIDC), delving into the intricacies of each concept and their practical applications. The author employs a practical approach by developing a simple web application to illustrate the implementation of Keycloak's OAuth protocol. Every endpoint and token is meticulously examined, ensuring that readers gain a solid foundation in authentication and authorization mechanisms.
Feefo Verified review Feefo
Anil Saldanha Dec 15, 2023
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Keycloak is a very important open source IAM software developed by passionate developers at RedHat. This project has been developed over many years with great community feedback. One limitation with the software has been rectified with the first edition (limitation was there were no books written about it).Keycloak is an excellent solution for DIY version of Okta, Microsoft Azure AD, AWS Cognito etc where you have full control over costs, features and deployment.This book is an excellent addition to your personal library of technical books. If you use Keycloak (either the open source version or RedHat SSO), you should have a copy of this book (and future revisions).IAM is a complicated subject. There are a plethora of standards, technologies and configuration. Since it is an integral part of security and doorway to your applications, it is extremely important to understand the theory and configuration associated with Keycloak.At a high level, I deeply appreciate the authors placing topics of Keycloak in separate sections namely Installation, Application Security, Application Integration, Configuration etc. This is handy when you need to quickly refer to the book.My personal favorite chapter is 13 where the authors describe mechanisms to extend Keycloak. In the field, I have had difficulties over the years getting to understand the methods to write Keycloak custom providers for authentication with third party security systems as well as Keycloak limitations such as the SAML attribute profile.Majority of production administrators will appreciate chapters 9, 10,11 and 12.Chapter 8 tackles the difficult subject of Authorization. Coverage is given to RBAC, GBAC and ABAC. This chapter is critical for developers.I do not see sections dedicated to Keycloak in various cloud systems (primarily AWS). I understand that this is tricky because cloud installations are changing and content can get dated. I hope the authors can online references to supplements covering cloud based deployments. Using Quarkus as the base provides opportunities for cloud based deployments.Chapter 4 is brilliant where the authors describe OpenID Connect based authentication. This is important for modern applications.
Amazon Verified review Amazon
SRP Sep 03, 2023
Full star icon Full star icon Full star icon Full star icon Full star icon 5
I have a keen interest in all things Zero Trust, and as you might appreciate, Identity, Authentication and Authorization are some of the core tenets of Zero Trust.For those new to IAM or who have yet to come across Keycloak, Keycloak is an open-source Identity and Access Management (IAM) tool; the Keycloak project will be 10 years "young" in 2024!The book was very straightforward to follow, and the generous servings of assessments and practical examples throughout the book helped me reinforce the learnings of the various topics.The first couple of chapters will help you get a deeper understanding of Keycloack and will help you get started with deploying Keycloak and getting ready to begin securing your applications. The authors have made the deployment job very easy by providing concise instructions for deploying Keycloak on Docker.The following block of chapters (esp. 3 - 8) covers essential standards (and integration of) OAuth 2.0 for Authorization), OpenID Connect (for Authentication), JSON Web Tokens (JWT), and Security Assertion Markup Language 2.0 (SAML 2.0) with Keycloak. I was pleased to see each chapter's depth on these topics; I am sure that someone who is interested or is a practitioner of IAM will find value in the way standards and the integration aspects have been covered.The remainder of the book is about getting your Keyclock production-ready with clear steps on hardening, integrating, managing and maintaining the Keycloak deployment.Overall, it is a fantastic book; it deserves 5 of 5!
Amazon Verified review Amazon
Dr Ram Kumar G Jan 10, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Recently, I had the opportunity to read the book "𝗞𝗲𝘆𝗰𝗹𝗼𝗮𝗸 - 𝗜𝗱𝗲𝗻𝘁𝗶𝘁𝘆 𝗮𝗻𝗱 𝗔𝗰𝗰𝗲𝘀𝘀 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 𝗳𝗼𝗿 𝗠𝗼𝗱𝗲𝗿𝗻 𝗔𝗽𝗽𝗹𝗶𝗰𝗮𝘁𝗶𝗼𝗻𝘀" authored by Stian Thorgersen & Pedro Igor Craveiro e Silva published by Packt.This book is an essential guide to learn about hashtag#Keycloak which is an open source identity and access management solution. Written in an easy to follow language with apt diagrams, this book covers the finer aspects of Keycloak solution with practical guidance.The authors have provided an in-depth and comprehensive coverage of the different aspects of Keycloak solution implementation. The chapters take you on a progressive journey to impart knowledge on the technical interface between Keycloak, Open ID Connect & OAuth 2.0 protocols to secure applications with detailed chapters on application integration with Keycloak, managing & authenticating users, authorization strategies, managing tokens & sessions and configuring & security Keycloak.With step by step instructions and easy to relate real world scenarios, I find the book to be an easy read for anyone wanting to learn about Keycloak solution and each of the chapter ends with set of questions for the reader to answer. The solutions are provided towards the end of the book which is easy to understand.I strongly recommend this book for all those IT & cyber security IAM enthusiasts aspiring to learn about Keycloak solution implementation.
Amazon Verified review Amazon
D.Mills Jul 31, 2023
Full star icon Full star icon Full star icon Full star icon Full star icon 5
If you are new to Keycloak, this book is a must-have. Keycloak is an open-source Identity and Access Management tool that secures modern applications such as single-page applications, mobile applications, and REST APIs. The authors provide a theoretical overview of Keycloak from start to finish. This book helps you get up to speed, from installing and running keycloak in the admin console to securing Keycloak and applications. The authors make it easy to follow with the step-by-step instructions in each chapter and screenshots of how the GUI should look while you follow along. To ensure you understand each chapter and concept, the authors have end-of-the-chapter questions to ensure you know the key concepts. At the end of some chapters, the authors have further reading so the reader can follow the URL links for more information on the topics covered in the chapters. This was helpful when I got to Chapter 8, Authorization Strategies. Being in the IAM space, it's only so much you can fit into one chapter regarding the different authorization protocols and strategies. This book gives you strategies for securing internal and external application types. The authors also have a chapter showing step-by-step instructions on integrating Keycloak in a Productions environment and tests you can run for load balancing, failover, and frontend and backchannel URLs. When it comes to Keycloak, I highly recommend this book for any IAM/Security Engineer looking to implement this tool in their environment.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is the delivery time and cost of print book? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela
What is custom duty/charge? Chevron down icon Chevron up icon

Customs duty are charges levied on goods when they cross international borders. It is a tax that is imposed on imported goods. These duties are charged by special authorities and bodies created by local governments and are meant to protect local industries, economies, and businesses.

Do I have to pay customs charges for the print book order? Chevron down icon Chevron up icon

The orders shipped to the countries that are listed under EU27 will not bear custom charges. They are paid by Packt as part of the order.

List of EU27 countries: www.gov.uk/eu-eea:

A custom duty or localized taxes may be applicable on the shipment and would be charged by the recipient country outside of the EU27 which should be paid by the customer and these duties are not included in the shipping charges been charged on the order.

How do I know my custom duty charges? Chevron down icon Chevron up icon

The amount of duty payable varies greatly depending on the imported goods, the country of origin and several other factors like the total invoice amount or dimensions like weight, and other such criteria applicable in your country.

For example:

  • If you live in Mexico, and the declared value of your ordered items is over $ 50, for you to receive a package, you will have to pay additional import tax of 19% which will be $ 9.50 to the courier service.
  • Whereas if you live in Turkey, and the declared value of your ordered items is over € 22, for you to receive a package, you will have to pay additional import tax of 18% which will be € 3.96 to the courier service.
How can I cancel my order? Chevron down icon Chevron up icon

Cancellation Policy for Published Printed Books:

You can cancel any order within 1 hour of placing the order. Simply contact customercare@packt.com with your order details or payment transaction id. If your order has already started the shipment process, we will do our best to stop it. However, if it is already on the way to you then when you receive it, you can contact us at customercare@packt.com using the returns and refund process.

Please understand that Packt Publishing cannot provide refunds or cancel any order except for the cases described in our Return Policy (i.e. Packt Publishing agrees to replace your printed book because it arrives damaged or material defect in book), Packt Publishing will not accept returns.

What is your returns and refunds policy? Chevron down icon Chevron up icon

Return Policy:

We want you to be happy with your purchase from Packtpub.com. We will not hassle you with returning print books to us. If the print book you receive from us is incorrect, damaged, doesn't work or is unacceptably late, please contact Customer Relations Team on customercare@packt.com with the order number and issue details as explained below:

  1. If you ordered (eBook, Video or Print Book) incorrectly or accidentally, please contact Customer Relations Team on customercare@packt.com within one hour of placing the order and we will replace/refund you the item cost.
  2. Sadly, if your eBook or Video file is faulty or a fault occurs during the eBook or Video being made available to you, i.e. during download then you should contact Customer Relations Team within 14 days of purchase on customercare@packt.com who will be able to resolve this issue for you.
  3. You will have a choice of replacement or refund of the problem items.(damaged, defective or incorrect)
  4. Once Customer Care Team confirms that you will be refunded, you should receive the refund within 10 to 12 working days.
  5. If you are only requesting a refund of one book from a multiple order, then we will refund you the appropriate single item.
  6. Where the items were shipped under a free shipping offer, there will be no shipping costs to refund.

On the off chance your printed book arrives damaged, with book material defect, contact our Customer Relation Team on customercare@packt.com within 14 days of receipt of the book with appropriate evidence of damage and we will work with you to secure a replacement copy, if necessary. Please note that each printed book you order from us is individually made by Packt's professional book-printing partner which is on a print-on-demand basis.

What tax is charged? Chevron down icon Chevron up icon

Currently, no tax is charged on the purchase of any print book (subject to change based on the laws and regulations). A localized VAT fee is charged only to our European and UK customers on eBooks, Video and subscriptions that they buy. GST is charged to Indian customers for eBooks and video purchases.

What payment methods can I use? Chevron down icon Chevron up icon

You can pay with the following card types:

  1. Visa Debit
  2. Visa Credit
  3. MasterCard
  4. PayPal
What is the delivery time and cost of print books? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela