Keycloak is an open source identity and access management solution that can securely authenticate and authorize users for modern applications and services. It supports OpenID Connect, SAML, and Kerberos for single sign-on and includes features like social login, user federation, account management, and authorization. Keycloak provides a standardized JSON web token to represent user identities across systems and services.

1. Easily Secure your
Applications with Keycloak
Sébastien Blanc @sebi2706
1

2. Delegate your Security

3. An open source Identity and Access
Management solution aimed at
modern applications and services.

5. Redirect all the things

7. Authenticate all the things !

8. One Token To rule them all

9. Hello JWT !!

10. Header
{
"alg": "HS256",
"typ": "JWT"
}

11. Claims
{
"exp": 1422990129,
"sub": "jimi",
"roles": [
"ROLE_ADMIN",
"ROLE_USER"
],
"iat": 1422986529
}

12. Signature
Keycloak’s Private Key
Compressed Header
+
Compressed Claims
SIGNS
= JWS

14. Verify
Keycloak’s Public Key
JWSVERIFY

15. Keycloak
● Out of the box solution
● Open Source
● OpenID Connect, SAML2 &
Kerberos
● Social Login Brokering
● User Federation
● SSO
● SPI
● User Account Management

16. Keycloak
● Key Rotation
● Brute Force Detection
● One Time Password
● Authorization Layer

18. ● keycloak.org
○ http://www.keycloak.org/downloads.html
○ http://www.keycloak.org/documentation.html
● keycloak-user@lists.jboss.org
● https://github.com/keycloak/keycloak-quickstarts
● https://developers.redhat.com/blog/2017/05/25/easily-secure-your-spring-boot-
applications-with-keycloak/
● https://github.com/sebastienblanc/spring-boot-keycloak-tutorial/