Posts

Showing posts from July, 2022

KeyCloak

Image
Keycloak is open source Identity and Access management service for modern applications and services. Add authentication to applications and secure services with minimum fuss. No need to deal with storing users or authentication users. Its all available out of the box. You all even get advanced features such as User Federation, Identity Brokering and Social Login. Features Single Sign on and Single Sign-out Standard Protocols OAuth20, OIDC 1.0, SAML2.0 Flexible Authentication and Authorization Multi Factor Authentication one time passwords Social Login Google, Facebook, Twitter...etc. Provides centralized User management Supports Directory service(AD, LDAP) Customizable and Extensible Easy setup and configurable Core concepts Let's start with Keycloak's core concepts, as shown in Figure 1: Figure 1: Keycloak's core concepts."> A Keycloak  realm  is like a namespace that allows you to manage all of your metadata and configurations. You can have multiple realms based o...

Running Keycloak with docker image

docker run --name keycloak -d -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak: latest start-dev docker stop keycloak docker rm keycloak Again run the above docker run command and see users created already exist or not. so, definitely we will not see as those details are not saving. so, now check how to persist the data with mysql. so, try to configure mysql Step1 create network so that keycloak can talk to Mysql docker network create keycloak-network docker network inspect keycloak-network Step2 start Mysql docker run -p 3306:3306 --name mysql -d --net keycloak-network -e MYSQL_DATABASE=keycloak -e MYSQL_USER=keycloak -e MYSQL_PASSWORD=keycloak -e MYSQL_ROOT_PASSWORD=keycloak mysql Step3 Run keycloak under the same network with addition environment variables docker run -p 8080:8080 --name keycloak -d --net keycloak-network -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin -e KC_DB=mysql -e KC_DB_URL=jdbc:mysql://mysql:3306/keycloak...

What is Keytool?

  keytool is  a key and certificate management utility . It allows users to administer their own public/private key pairs and associated certificates for use in self-authentication (where the user authenticates himself/herself to other users/services) or data integrity and authentication services, using digital signatures Java includes the  keytool  utility in its releases. We use it to  manage  keys and certificates  and store them in a keystore. The  keytool  command allows us to create self-signed certificates and show information about the keystore. In the following sections, we're going to go through different functionalities of this utility. First of all, let's create a self-signed certificate that could be used to establish secure communication between projects in our development environment, for example. In order to  generate the certificate , we're going to open a command-line prompt and use  keytool  command with the...

Securing API's

Securing APIs , every one talking about development of API using spring boot, python,.net,java...etc. but no  one talks about how to secure the APIS. Here I'm talking about security in 5 ways BASIC This works by providing your credentials i.e userId and password works by setting "Authorization" request header with the value as Base64Encode(username:password) curl -X GET \ http://localhost:8080/hellow \ -H 'Authorization: Basic a12dksl32weld2sdld3d2dsd='\ -H'Postman-Token: 30befeb9-83e4-46e8-8633-cf4ad2400936 '\ -H 'cache-control:no-cache' API KEY Random string (e.g. UUID) is assigned to each API consumer This key is passed either as query PARAM or as a request header usually "X-API-KEY" is used as query PARAM or request header curl -X GET \ http://localhost:8080/hellow \ -H 'Postman-Token: 30befeb9-83e4-46e8-8633-cf4ad2400936 '\ -H 'X-API-KEY: 21312332133adada-1231asd-123a-123131312313' \ -H 'cache-...

What is LDAP?

  What Is Lightweight Directory Access Protocol (LDAP)? LDAP is a lightweight version of the Directory Access Protocol (DAP). Its original goal was to provide low-overhead access to an X.500 Directory, but the tool now has a wider variety of uses, which we will discuss later. LDAP’s primary function is enabling users to find data about organizations, persons, and more. It accomplishes this goal by storing data in the LDAP directory and authenticating users to access the directory. It also provides the communication language that applications require to send and receive information from directory services. Data and resources that you can find with LDAP include files and user information. It works with printers, computers, and other devices connected via the internet or a company’s intranet. LDAP works with most vendor directory services, such as Active Directory (AD). With LDAP, sharing information about users, services, systems, networks, and applications from a directory serv...

REST API Authentication using Keycloak as OAuth Provider

Image
REST API Authentication plugin will let you authenticate any application (Jira, Confluence, Bitbucket) APIs using any third-party OAuth/OIDC provider or API Tokens. The app supports Azure AD, Keycloak, Okta, AWS Cognito, Google, Github, Slack, Gitlab, Facebook, and any custom provider Step 1: Configure Keycloak server: In your Keycloak admin console, select the  realm  that you want to use. Go to  Clients  in the left navigation bar and click on   Create . Enter the  ClientID  and select the client protocol as  OpenID-connect  and click on  Save . Select access type as Confidential,  enter the  redirect URL  and click on  save  (Enter the Application's Base URL). To get Client Secret Navigate to  Clients , select  Client Id  and navigate to the  Credentials  tab. Note: Copy the  ClientID  and  Client Secret. Step 2: Fetch Access token through POSTMAN: Open the Postman ...

Keycloak

  Application security is becoming a more and more important topic on a day-to-day basis. Unauthorized access to protected data can potentially cost millions of dollars in the form of various financial penalties. Almost every application needs some reliable tool to manage its users’ identities and accesses.  There are a bunch of solutions on the market — both free and paid — that promise to provide such features. In this blog, I will try to present you one of these tools, which as you probably guess from the title, will be Keycloak.  What Is Keycloak? It is a  tool  for “Identity and Access Management”, as written on their project  page on GitHub . Additionally, Keycloak is an open-source tool currently licensed with Apache License 2.0. It is also an upstream project for Red Hat SSO, so if you are looking for something more enterprise-centered, you can check it.  The full list of supported platforms depends on which protocol you decide to use, currentl...