© Hitachi, Ltd. 2023. All rights reserved.
Guide of authentication and authorization
for cloud native applications with Keycloak
Open Source Summit Japan 2023
Hitachi, Ltd.
OSS Solution Center
12/05/2023
Michito Okai
About the speaker
Michito Okai
➢ Software Engineer, Hitachi, Ltd.
➢ GitHub: @Michito-Okai
• Specialist in authentication and authorization
➢ Engaged in authentication and authorization technical support
• Contributor to Keycloak, an open-source Identity and Access Management (IAM) product
➢ OAuth 2.0 Device Authorization Grant [RFC8628]
➢ Performance improvements
➢ Security improvements for tokens
• Other activities
➢ Writer of web articles about IAM (Japanese)
Contents
1. Importance of Authentication and Authorization
2. Introduction of Keycloak
3. Authentication for Cloud Native Applications with Keycloak
4. Authorization for Cloud Native Applications with Keycloak
1. Importance of Authentication and Authorization
What is Authentication and Authorization
Authentication is the process of verifying the user (or client) that is requesting the API.
Authorization is the process of verifying whether the authenticated user is allowed to access the requested API.
[Figure: a request to the API goes from "?" (unknown caller, can access?) to "Authenticated" (the caller is identified as Michito Okai, can access?) to "Authorized" (Michito Okai can access the API).]
Security Risks about Authentication and Authorization in OWASP Top 10 and OWASP Top 10 API Security
Security risks about "Authentication" and "Authorization" in the OWASP Top 10 2021*:
• #1 Broken Access Control
• #7 Identification and Authentication Failures
Security risks about "Authentication" and "Authorization" in the OWASP Top 10 API Security Risks 2023**:
• #1 Broken Object Level Authorization
• #2 Broken Authentication
• #3 Broken Object Property Level Authorization
• #5 Broken Function Level Authorization
It is important to minimize security risks by implementing appropriate authentication and authorization.
* OWASP Top 10 2021 https://owasp.org/Top10/
** OWASP Top 10 API Security Risks - 2023 https://owasp.org/API-Security/editions/2023/en/0x11-t10/
2. Introduction of Keycloak
What is Keycloak
• Keycloak is an open-source Identity and Access Management (IAM) product.
Major features
⚫ Supports standard specifications, e.g. OAuth 2.0, OpenID Connect 1.0, SAML v2, ...
⚫ Login with social media (social login), e.g. GitHub, Twitter, Facebook.
⚫ Connects to existing user stores (identity management), e.g. LDAP, Active Directory, RDB.
Keycloak for Cloud Native Environments
Keycloak has two advantages for cloud native environments.
1. Easy deployment on Kubernetes
There are two ways to deploy Keycloak on Kubernetes.
① Using the container (Docker) image
② Using the Keycloak Operator
2. Suitable for container environments
Keycloak changed its base distribution from WildFly to Quarkus.
• Keycloak startup time dropped from 13.5 seconds to 8.7 seconds*
• Memory consumption of Keycloak at startup dropped from 407 MB to 234 MB*
-> Quick scaling is possible.
* https://thinkit.co.jp/article/22308
Keycloak joined CNCF as an incubating project
In April 2023, Keycloak joined the CNCF as an incubating project.
Keycloak is positioned to become the de-facto standard IAM product for the CNCF ecosystem.
Minimization of Security Risks with Keycloak [1/3]
There are two important things to implement authentication and authorization and to minimize security risks.
• Support the standard specifications recommended by the best current practice (BCP) to protect against current attack methods
• Continue to support the specifications recommended by new BCPs to protect against newly evolved attack methods
Keycloak satisfies both of the above.
[Figure: over time, attack methods evolve into new attack methods, and the BCP evolves into a new BCP in response; an IAM product has to keep up with each new BCP.]
Minimization of Security Risks with Keycloak [2/3]
There are two important things to implement authentication and authorization and to minimize security risks.
• Support the standard specifications recommended by the best current practice (BCP) to protect against current attack methods -> OK
• Continue to support the specifications recommended by new BCPs to protect against newly evolved attack methods
Keycloak adheres to the following standard specifications.
Recommended by the BCP* and supported by Keycloak:
• OAuth: [RFC6749], [RFC6750], [RFC7636], [RFC9126], [OAuth 2.0 Form Post Response Mode]
• OIDC: [OpenID Connect Core], [OpenID Connect Discovery], [Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)]
Also supported by Keycloak:
• OAuth: [RFC7009], [RFC7592], [RFC7662], [RFC8628], [RFC8705]
• OIDC: [OpenID Connect Dynamic Registration], [Financial-grade API: Client Initiated Backchannel Authentication Profile]
* OAuth 2.0 Security Best Current Practice Draft 24.
Minimization of Security Risks with Keycloak [3/3]
There are two important things to implement authentication and authorization and to minimize security risks.
• Support the standard specifications recommended by the best current practice (BCP) to protect against current attack methods -> OK
• Continue to support the specifications recommended by new BCPs to protect against newly evolved attack methods -> OK
Keycloak is quick to support standard specifications.
• Keycloak has an OAuth SIG (Special Interest Group) which implements security standard specifications related to OAuth or the OpenID Foundation.
-> Specialists in the OAuth SIG discuss implementing standard specifications once a month.
• The number of GitHub authors over one year is 311*1, and Keycloak ranked 7th in terms of the fastest-growing contributor counts*2.
-> The community, including the OAuth SIG, is expected to remain active.
*1 https://www.cncf.io/blog/2023/10/27/october-2023-where-we-are-with-velocity-of-cncf-lf-and-top-30-open-source-projects/
*2 https://octoverse.github.com/2022/state-of-open-source
3. Authentication for Cloud Native Applications with Keycloak
Authentication for Cloud Native Applications
The following features are useful in terms of authentication for cloud native applications.
• Single Sign On (SSO)
• Social Login
• Multi-Factor Authentication (MFA)
• WebAuthn (Passwordless Authentication)
• Passkeys (Passwordless Authentication)
Single Sign On (SSO)
Single Sign On (SSO) is a system that allows you to use multiple applications with one login.
Keycloak enables SSO by cookie authentication: after the first login, Keycloak's session cookie in the browser lets the user reach the other applications without logging in again.
• Users do not have to input and manage a username and password for each application.
[Figure: without SSO, the user faces a separate username/password login form for each cloud native application; with Keycloak, one login form at Keycloak covers all of the cloud native applications.]
Social Login
Social Login is logging in to services using an account on a social media platform.
Keycloak allows users to use social media accounts such as GitHub, Facebook, Twitter, Microsoft and so on.
• Users do not have to input user information such as name, address, e-mail, telephone number and password, and do not have to manage a username and password.
[Figure: the Keycloak login page offers "Login with GitHub" and "Login with Facebook" alongside the username/password form; the user authenticates at GitHub or Facebook, and Keycloak then grants access to the cloud native applications.]
Multi-Factor Authentication (MFA) [1/2]
Multi-Factor Authentication (MFA) is authenticating by using two or more of the following three factors.
• Something You Know (ex: password)
• Something You Have (ex: authenticator)
• Something You Are (ex: fingerprint)
Keycloak authenticates using Something You Know and Something You Have.
0. Register the authenticator (the one-time-password seed is provisioned into the user's authenticator)
1. Password authentication -> Something You Know (password)
2. One-time password authentication -> Something You Have (authenticator)
Multi-Factor Authentication (MFA) [2/2]
Keycloak prevents unauthorized login even if an attacker succeeds in password authentication by an attack method such as a dictionary attack, a password-list (credential stuffing) attack, a brute-force attack or a reverse brute-force attack.
1. Password authentication succeeds because the attacker knows the username and password.
2. One-time password authentication fails because the attacker does not have the authenticator.
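The two-step check described on the two MFA slides, as an added example that is not part of the deck and not Keycloak's code: a password factor (PBKDF2 hash) followed by an RFC 6238 time-based one-time password computed from the seed that was provisioned into the user's authenticator at enrollment. The user store, salt, username, password and base32 seed are constructed for the example. It shows why an attacker who has only the password stops at step 2.

```python
import base64
import hashlib
import hmac
import struct

# Constructed demo user store. The TOTP seed is the one provisioned into the
# user's authenticator app at enrollment (step "0. Register authenticator").
# Username, salt, password and seed are assumptions made for this example.
SALT = b"constructed-salt"
ITERATIONS = 100_000
STEP = 30  # TOTP time step in seconds
USERS = {
    "alice": {
        "password_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, ITERATIONS),
        "totp_seed": base64.b32decode("JBSWY3DPEHPK3PXP"),  # constructed base32 seed
    }
}


def totp(seed: bytes, at: int, step: int = STEP, digits: int = 6) -> str:
    """RFC 6238 TOTP: RFC 4226 HOTP with counter = floor(at / step)."""
    counter = struct.pack(">Q", at // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def check_password(username: str, password: str) -> bool:
    """Factor 1, something you know."""
    user = USERS.get(username)
    if user is None:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, ITERATIONS)
    return hmac.compare_digest(candidate, user["password_hash"])


def check_otp(username: str, code: str, now: int, window: int = 1) -> bool:
    """Factor 2, something you have: accept the current step and +/- window steps of clock drift."""
    user = USERS.get(username)
    if user is None:
        return False
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(user["totp_seed"], now + drift * STEP)
        ok |= hmac.compare_digest(expected, code)  # check every slot, no early exit
    return ok


def login(username: str, password: str, code: str, now: int) -> str:
    """Keycloak-style two-step login: password first, then the one-time password."""
    if not check_password(username, password):
        return "password_failed"
    if not check_otp(username, code, now):
        return "otp_failed"
    return "ok"


def otp_from_authenticator(username: str, now: int) -> str:
    """What the user's authenticator app displays; it holds the same seed as the server."""
    return totp(USERS[username]["totp_seed"], now)


if __name__ == "__main__":
    now = 1_700_000_000
    # Legitimate user: knows the password and holds the authenticator.
    print(login("alice", "correct horse", otp_from_authenticator("alice", now), now))
    # Attacker who obtained the password (credential stuffing, brute force, ...) but not the authenticator:
    # the password step passes, the OTP step fails unless the guess happens to collide.
    print(login("alice", "correct horse", "123456", now))
```

A production server additionally rejects a one-time password that was already accepted in the current window (replay) and rate-limits OTP attempts, since six digits with a three-slot window are guessable by an attacker who can try without limit; both are left out here to keep the factor logic visible.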
WebAuthn (Passwordless Authentication) [1/2]
WebAuthn is an authentication technology which enables passwordless authentication and MFA.
Keycloak authenticates the user without a password.
• Users do not need to remember complex passwords.
• Phishing can be prevented in Keycloak.
[Figure: Keycloak sends a challenge; the authenticator (smart phone) unlocks with fingerprint or face authentication -> Something You Are (fingerprint); the authenticator returns a signature over the challenge, which Keycloak verifies against the registered public key -> Something You Have (authenticator). No username/password form is involved.]
WebAuthn (Passwordless Authentication) [2/2]
Phishing scenario:
1. challenge (Keycloak -> attacker, who starts a login as the user)
2. signature for challenge (what the attacker would have to return to Keycloak)
3. challenge (attacker's phishing site -> user)
4. signature for challenge (the user's authenticator signs after fingerprint or face authentication -> Something You Are, but for the phishing site)
Signature verification at Keycloak fails because the challenge the user signed in steps 3 and 4 differs from the one Keycloak issued in step 1, and the signed client data also records the origin the browser actually talked to, which is the phishing site rather than Keycloak.
Passkeys (Passwordless Authentication)
Passkeys is an authentication technology which synchronizes WebAuthn credentials between multiple authenticators via a cloud platform.
Keycloak authenticates the user with multiple authenticators.
• Users can use smart phones and PCs as authenticators.
• When a user loses or replaces a smart phone, the user can use a PC or the new smart phone as the authenticator without re-registration.
✓ Improved user experience
[Figure: the challenge/signature exchange with Keycloak works from either the smart phone or the PC, because the cloud platform keeps the credential in sync between them.]
4. Authorization for Cloud Native Applications with Keycloak
Authorization for Cloud Native Applications
Support for the following standard specifications is useful in terms of authorization for cloud native applications.
• OAuth 2.0
• Financial-grade API (FAPI) 1.0
• OAuth 2.0 Device Authorization Grant
OAuth 2.0
OAuth 2.0 is the de-facto standard for issuing tokens, which is essential for authorization.
Keycloak issues tokens in compliance with OAuth 2.0.
[Figure: authorization code flow between User, Client, Keycloak and "xxx service" (the API):]
0. use (user -> client)
1. authorization request via browser (client -> Keycloak)
2. user authentication/authorization (user <-> Keycloak)
3. authorization response via browser (Keycloak -> client)
4. token request (client -> Keycloak)
5. token response (including access token) (Keycloak -> client)
6. API request w/ access token (client -> xxx service)
7. API response (xxx service -> client)
There are attacks that cannot be prevented by OAuth 2.0 alone.
Financial-grade API (FAPI) 1.0 [1/4]
FAPI 1.0 is a high-level API security specification describing secure usage of OAuth 2.0 and OpenID Connect (OIDC) 1.0.
OAuth 2.0: Specification for authorization by access token. It is a framework for authorization, but improper implementation often leads to vulnerabilities.
OIDC 1.0: Some secure usage of OAuth 2.0 is introduced, and OIDC 1.0 can be used for authentication by ID token. However, improper implementation is still not restricted.
FAPI 1.0: Secure usage of OAuth 2.0/OIDC 1.0 is described across the protocol flow, including usage of optional specifications of OAuth 2.0 (e.g. PKCE) and lower-layer protocol (SSL/TLS) usage.
Financial-grade API (FAPI) 1.0 [2/4]
Open Banking initiatives using FAPI:
[UK: OpenBanking]
• OpenBanking Financial Grade API (FAPI) Profile
• OpenBanking CIBA Profile
[Australia: Consumer Data Right (CDR)]
• Consumer Data Right Security Profile
[Brazil: Open Banking Brasil]
• Open Banking/Finance Brasil Financial-grade API Security Profile
[Saudi Arabia: SAMA Open Banking]
• OpenBanking Financial Grade API (FAPI) Profile
Financial-grade API (FAPI) 1.0 [3/4]
Keycloak prevents attacks that cannot be prevented by OAuth 2.0 alone.
• Users can use services securely.
[Figure: the OAuth 2.0 flow of the previous slide (0. use, 1. authorization request via browser, 2. user authentication/authorization, 3. authorization response via browser, 4. token request, 5. token response (including access token), 6. API request w/ access token, 7. API response) with three attack points marked:]
• Tampering of the authorization request (step 1)
• Tampering of the authorization response (step 3)
• An API request sent by the attacker succeeds when the attacker has stolen the access token (step 6)
Financial-grade API (FAPI) 1.0 [4/4]
Keycloak prevents attacks that cannot be prevented by OAuth 2.0 alone.
• Users can use services securely.
[Figure: the same flow with the FAPI countermeasures:]
• Authorization request with signature (step 1) -> Keycloak can detect tampering of the authorization request
• Authorization response with signature (step 3) -> the client can detect tampering of the authorization response
• The access token carries information about the client certificate (steps 5 and 6) -> xxx service can reject an API request made with a stolen access token
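What "xxx service" has to do with the access token in step 6, as an added example that is not part of the deck and not Keycloak's code: it covers the authentication/authorization distinction from the start of the deck (is this token genuinely from our Keycloak and unexpired; does its role permit this call) and the third FAPI countermeasure above, a certificate-bound access token (RFC 8705), where the token's `cnf` claim carries the thumbprint of the client certificate used at the token endpoint and the API compares it with the certificate on its own mTLS connection. Assumptions: the issuer URL, audience and role names are invented; the "certificates" are constructed byte strings standing in for DER; and the token is signed with HS256 and a shared key so the example runs on the standard library alone, whereas Keycloak signs with RS256 by default and a real resource server verifies against the realm's JWKS.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed values. Real Keycloak tokens are RS256-signed and verified with the
# realm's public key; HS256 with a shared key is used only to keep this stdlib-only.
SIGNING_KEY = b"constructed-shared-secret-do-not-use"
ISSUER = "https://keycloak.example.com/realms/demo"  # assumed realm URL
AUDIENCE = "xxx-service"                              # assumed client id of the API


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def x5t_s256(cert_der: bytes) -> str:
    """RFC 8705 certificate thumbprint: base64url(SHA-256(DER certificate))."""
    return b64url(hashlib.sha256(cert_der).digest())


def issue_token(claims: dict) -> str:
    """Stand-in for Keycloak's token endpoint: compact JWS, HS256 for this example."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def verify_token(token: str, now: int) -> dict:
    """Authentication of the caller: a genuine, unexpired token from our issuer for this API."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            raise PermissionError("unexpected alg")  # the verifier, not the token, decides the algorithm
        expected = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            raise PermissionError("bad signature")
        claims = json.loads(b64url_decode(payload))
    except ValueError:
        raise PermissionError("malformed token")
    if claims.get("iss") != ISSUER:
        raise PermissionError("wrong issuer")
    aud = claims.get("aud")
    if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise PermissionError("wrong audience")
    if claims.get("exp", 0) <= now:
        raise PermissionError("token expired")
    return claims


def handle_api_request(token: str, client_cert_der: Optional[bytes], required_role: str,
                       now: int, require_binding: bool = False) -> str:
    """Resource-server decision for one API call: authenticate the token, then authorize the call."""
    try:
        claims = verify_token(token, now)
    except PermissionError as exc:
        return f"401 {exc}"
    # Sender constraint (RFC 8705): the token names the client certificate it was issued to;
    # a stolen token presented over a connection with a different (or no) certificate is rejected.
    thumbprint = claims.get("cnf", {}).get("x5t#S256")
    if thumbprint is None and require_binding:
        return "401 sender-constrained token required"
    if thumbprint is not None:
        if client_cert_der is None or not hmac.compare_digest(thumbprint, x5t_s256(client_cert_der)):
            return "401 token not bound to presenting client"
    # Authorization: Keycloak puts realm roles under realm_access.roles.
    roles = claims.get("realm_access", {}).get("roles", [])
    if required_role not in roles:
        return "403 insufficient role"
    return f"200 hello {claims.get('preferred_username')}"
```

The order matters: signature, issuer, audience and expiry are checked before any claim is trusted, the `cnf` binding is checked before roles, and the role check is what turns "authenticated" into "authorized". With `require_binding=True` the API behaves as a FAPI resource server and refuses plain bearer tokens altogether.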
OAuth 2.0 Device Authorization Grant
The OAuth 2.0 Device Authorization Grant is designed for IoT devices that either lack a browser or are input-constrained for text.
Keycloak executes authorization even if the client does not have a browser.
• Users can use IoT devices as clients.
[Figure: flow between User (with a smart phone), Client (smart TV), Keycloak and "xxx service":]
0. use (user -> smart TV)
1. device authorization request (smart TV -> Keycloak)
2. device authorization response w/ verification_uri and user code (Keycloak -> smart TV); the TV displays "URI: https://…" and "user code: xxx"
3. input: the user opens the verification_uri on the smart phone and enters the user code
3'. token request (the smart TV polls Keycloak) / 4'. token response (not yet including an access token, because the user has not finished)
4. user and user code authentication/authorization (smart phone <-> Keycloak)
5. token request (smart TV -> Keycloak)
6. token response (including access token) (Keycloak -> smart TV)
7. API request w/ access token (smart TV -> xxx service)
8. API response (xxx service -> smart TV)
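Both sides of the flow above, as an added example that is not part of the deck and not Keycloak's code: a stand-in authorization server with the two RFC 8628 endpoints (device authorization and token) and the smart-TV client that displays the user code and polls, handling the `authorization_pending`, `slow_down`, `access_denied` and `expired_token` responses that steps 3' and 4' gloss over. The verification URI, client id, user name and the user-code alphabet are assumptions; a fake clock replaces real waiting so the whole exchange runs offline.

```python
import secrets

INTERVAL = 5       # seconds between polls (RFC 8628 "interval")
LIFETIME = 600     # device code lifetime in seconds (RFC 8628 "expires_in")
USER_CODE_ALPHABET = "BCDFGHJKLMNPQRSTVWXZ"  # assumed: no vowels, easy to type on a phone
VERIFICATION_URI = "https://keycloak.example.com/realms/demo/device"  # assumed


class AuthorizationServer:
    """Stand-in for Keycloak's device authorization and token endpoints."""

    def __init__(self, clock):
        self.clock = clock          # callable returning the current time in seconds
        self._pending = {}          # device_code -> state

    def device_authorization(self, client_id: str, scope: str) -> dict:
        """Step 1/2: hand the device a high-entropy device_code and a short user_code."""
        device_code = secrets.token_urlsafe(32)
        user_code = "-".join("".join(secrets.choice(USER_CODE_ALPHABET) for _ in range(4)) for _ in range(2))
        self._pending[device_code] = {"client_id": client_id, "scope": scope, "user_code": user_code,
                                      "expires_at": self.clock() + LIFETIME, "approved": None, "last_poll": None}
        return {"device_code": device_code, "user_code": user_code, "verification_uri": VERIFICATION_URI,
                "expires_in": LIFETIME, "interval": INTERVAL}

    def user_approves(self, user_code: str, username: str, approve: bool = True) -> bool:
        """Step 3/4: the logged-in user on the phone approves (or denies) the code shown on the TV."""
        for st in self._pending.values():
            if st["user_code"] == user_code and st["approved"] is None:
                st["approved"] = username if approve else False
                return True
        return False  # unknown, expired or already-used code

    def token(self, client_id: str, device_code: str) -> dict:
        """Steps 3'/4' and 5/6: the device polls; the device_code is single-use."""
        st = self._pending.get(device_code)
        if st is None or st["client_id"] != client_id:
            return {"error": "invalid_grant"}
        now = self.clock()
        if now >= st["expires_at"]:
            del self._pending[device_code]
            return {"error": "expired_token"}
        if st["last_poll"] is not None and now - st["last_poll"] < INTERVAL:
            st["last_poll"] = now
            return {"error": "slow_down"}
        st["last_poll"] = now
        if st["approved"] is None:
            return {"error": "authorization_pending"}
        del self._pending[device_code]
        if st["approved"] is False:
            return {"error": "access_denied"}
        return {"access_token": "at-" + secrets.token_urlsafe(16), "token_type": "Bearer",
                "expires_in": 300, "scope": st["scope"], "sub": st["approved"]}


def device_client_flow(server, sleep, client_id: str, on_user_code, max_polls: int = 200) -> dict:
    """The smart-TV side: request a code, display it, poll until the server gives a final answer."""
    dev = server.device_authorization(client_id, "openid")
    on_user_code(dev["verification_uri"], dev["user_code"])   # step 2: show URI and code on screen
    interval = dev["interval"]
    for _ in range(max_polls):
        sleep(interval)
        resp = server.token(client_id, dev["device_code"])
        err = resp.get("error")
        if err is None:
            return resp                      # step 6: access token for the API call in step 7
        if err == "authorization_pending":
            continue
        if err == "slow_down":
            interval += 5                    # RFC 8628: back off by 5 seconds and keep polling
            continue
        return resp                          # expired_token, access_denied, invalid_grant
    return {"error": "timeout"}


class FakeClock:
    """Deterministic clock so the example runs offline without real waiting."""

    def __init__(self):
        self.t = 0

    def now(self) -> int:
        return self.t

    def sleep(self, seconds: int) -> None:
        self.t += seconds


def run_demo(approve_after: int = 12, approve: bool = True):
    """Run one complete exchange; the user acts on the phone once the clock passes approve_after."""
    clock = FakeClock()
    server = AuthorizationServer(clock.now)
    shown = {}

    def show(uri, code):
        shown.update(uri=uri, code=code)

    def sleep(seconds):
        clock.sleep(seconds)
        if shown and clock.now() >= approve_after and "done" not in shown:
            shown["done"] = server.user_approves(shown["code"], "alice", approve)

    return shown, device_client_flow(server, sleep, "smart-tv", show)
```

Two details worth copying into a real client: treat `slow_down` as "add five seconds", not as an error, and stop polling on any other error, because a device code is single-use and expires regardless of how often it is polled.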
Summary [1/2]
• Authentication and Authorization are important.
• Keycloak joined CNCF as an incubating project.
-> Keycloak is positioned to become the de-facto standard IAM product for the CNCF ecosystem.
• Authentication and Authorization for Cloud Native Applications with Keycloak:
Authentication
• Single Sign On (SSO)
• Social Login
• Multi-Factor Authentication (MFA)
• WebAuthn (Passwordless Authentication)
• Passkeys (Passwordless Authentication)
Authorization
• OAuth 2.0
• Financial-grade API (FAPI) 1.0
• OAuth 2.0 Device Authorization Grant
Summary [2/2]
• If you would like to know more about Keycloak, please see below.
• Official documentation
https://www.keycloak.org/documentation
• GitHub
https://github.com/keycloak/keycloak
• Book written by the Keycloak project leader
https://www.amazon.co.jp/Keycloak-Identity-Management-Applications-applications-ebook/dp/B0BPY1RDND?language=en_US&currency=USD
Trademarks
• OpenID is a trademark or registered trademark of OpenID Foundation in the United States and other countries.
• GitHub is a trademark or registered trademark of GitHub, Inc. in the United States and other countries.
• Facebook is a trademark or registered trademark of Meta Platforms, Inc. in the United States and other countries.
• Twitter is a trademark or registered trademark of X Corp. in the United States and other countries.
• Microsoft is a trademark of the Microsoft group of companies.
• Other brand names and product names used in this material are trademarks, registered trademarks, or trade names of their respective holders.
END
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 

Recently uploaded (20)

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
