How to secure your Microservices with Keycloak - Thomas Darimont
- Published on 24 Jun 2019
- Voxxed Days Luxembourg 2019
Room: Linux
Type: Conference
Title: How to secure your Microservices with Keycloak
Speaker: Thomas Darimont (codecentric AG) - Science and Technology
One of the best explanations of SSO in Keycloak using OIDC I've ever seen
02:22 Overview
05:28 Features
09:02 Main Concepts
11:48 Quick Tour - Admin Console
12:43 Admin Console Demo - Configure
19:00 Admin Console Demo - Manage
20:12 Technology Stack
22:04 Server Architecture
24:59 SSO with OIDC
29:34 Keycloak Tokens
33:22 JSON Web Tokens
34:42 JWT Example
36:39 Calling Backend Services with Access Token
39:17 Keycloak Client Integrations
41:25 Keycloak Demo - Securing Apps
41:28 Demo Environment
41:54 Demo Services
45:35 Demo Applications
47:10 Github Repository
47:55 Keycloak in the field
51:54 Summary
53:05 Keycloak Extension Playground
Thanks a lot Thomas. One of the best sessions I watched in recent times. Very informative. Learned a lot. Will definitely give a try.
Hats off to you Thomas; truly great insight on Keycloak and its capabilities. I was badly looking for AD/ADFS integration and was not getting the right pointers. Thank you very much; you are a great professional!!!
Awesome presentation. Thanks Thomas :D
Great introduction! Thank you Thomas!
Thanks. Well prepared, well presented, Informative demo and presentation. Learned a lot in this session.
Great. A very useful demo covering almost everything that we need to secure applications using Keycloak. Thanks a lot.
Thank you very much. That was a great session
A very good introduction and overview! Just what I was looking for to start with Keycloak! Vielen Dank!!
Great demo! I learned a lot of stuff, not just keycloak.
I kinda feel that Keycloak can be a great substitute for Auth0.
Simply awesome. Thank you so much!
Great talk. Thanks, Thomas.
Thanks for summing up a lot of info within an hour!
Great info and very good demo! Thanks Thomas!
Great demo ! Thanks
This looks awesome! Thank you!
Awesome Video! Very helpful content. You also did a great job explaining! Thank you!
I love how he pronounces single sign on as "sing a song"
Great Demo!!! Learned a lot
Requesting a few more videos on Keycloak with in-depth explanation to gain expertise in Keycloak
This was great!!! Completely answered questions I had about backend validating tokens
Hello, thanks a lot for the great presentation. Just to add, if you want the ability to revoke Access Tokens before they expire, you can use the introspection endpoint instead of checking the signature.
Finally I got the best explanation about SSO with Keycloak
Big thanks
Great talk! Thanks
Very informative tutorial. Many concepts are clearly explained. I played the video at the speed of 0.75x.
Simply Awesome
Spectacular Demo
Great Demo!!
Quite amazing!
Nice presentation.
Great talk!
That's really great
Thanks for the useful video. I am facing configuring public IP addresses on Keycloak. Would you mind telling if any specific configuration needs to be noted?
Do we need to define security constraint in application.yml?
Can we add into the access token, the location of the original request? Like, the application where the login was initiated from?
Thanks, great demo. I have a question: I have my React front end and Spring back-end API secured with Keycloak. Why, when I log out from the React app or close all sessions in the Keycloak admin console before the token expires, can I still call the REST API backend using the previous token generated at login (Postman)?
*backend-spring-api config*
_"client-id": "my-public-client",_
_"bearer-only": true,_
_"auth-server-url": "localhost:8180/auth",_
_"realm": "my-realm"_
Hi! I see it's been a while, but for those with the same question:
So, when a user logs out in the browser, the JWT it uses isn't really invalidated, it's just removed from the browser's memory. When we are talking about a client like Postman, this means nothing, and the JWT will remain valid until its expiration. To circumvent this, you could shorten the expiration or implement in the backend a verification of valid/invalid sessions.
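The behaviour described in the reply above, and the introspection alternative raised in an earlier comment, shown as an added example (not code from the talk, from Keycloak, or from any commenter). It is a constructed offline model: tokens are HS256-signed with a demo key instead of Keycloak's realm keys, the `sid` claim and the `active_sessions` set stand in for server-side session state, and all function names are hypothetical.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed; a real realm signs with its own keys

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(sub, sid, ttl, now):
    """Constructed stand-in for the token endpoint: a JWT bound to session `sid`."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": sub, "sid": sid, "exp": now + ttl}).encode())
    sig = hmac.new(KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"

def validate_offline(token, now):
    """Signature and exp only: a backend that never asks the server about sessions."""
    try:
        header, body, sig = token.split(".")
        expected = hmac.new(KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        claims = json.loads(_unb64(body))
    except ValueError:  # wrong part count, bad base64, bad JSON
        return None
    return claims if claims.get("exp", 0) > now else None

def introspect(token, now, active_sessions):
    """RFC 7662-shaped reply: inactive once the session behind the token is gone."""
    claims = validate_offline(token, now)
    if claims is None or claims.get("sid") not in active_sessions:
        return {"active": False}
    return {"active": True, **claims}

def demo():
    now = 1_700_000_000                      # constructed timestamp
    sessions = {"sess-1"}                    # server-side session state
    token = issue_token("alice", "sess-1", 300, now)
    before = (validate_offline(token, now + 10) is not None,
              introspect(token, now + 10, sessions)["active"])
    sessions.discard("sess-1")               # logout / admin closes all sessions
    after = (validate_offline(token, now + 10) is not None,
             introspect(token, now + 10, sessions)["active"])
    expired = validate_offline(token, now + 301) is not None
    return before, after, expired

if __name__ == "__main__":
    print(demo())
```

After logout the offline check still accepts the token until `exp`, while the introspection-style check rejects it immediately; shortening the token lifetime only narrows that window.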
For anyone curious as to why they cannot find Keycloak Gatekeeper anymore, it was moved out of the Keycloak governance group earlier in 2020. Details can be found here: groups.google.com/forum/#!topic/keycloak-dev/oDyw94BWxM0
Keycloak helped us in our application. The only downside I have seen is that there are many options and you need good jargon knowledge.
Let's say it's an Order API and I want to see only my Order and I should not have access to modify my Order. However, a Sales Agent can.
Is it possible using Keycloak?
Hi, you are doing a great job. If possible, please make tutorials on Flask Keycloak integration. Thank you
noice
Where can I find the slides?
Unfortunately this is the old Keycloak version. Many things have changed, especially the UI.
Right?
46:55 "Zack" hehe
Great! Really impressive! Now rewrite it in golang! Basically every application I am dealing with needs this functionality. The problem is JBoss, or any other "container"; it is horrible, I don't wanna have it around ever. At least rewrite it to run without JBoss and it will be ok for me.
Looking forward to your pull request
Bye bye Auth0