How to secure your Microservices with Keycloak - Thomas Darimont
- Added 24. 06. 2019
- Voxxed Days Luxembourg 2019
Room: Linux
Type: Conference
Title: How to secure your Microservices with Keycloak
Speaker: Thomas Darimont (codecentric AG) - Science and technology
One of the best explanations of SSO in Keycloak using OIDC I've ever seen
02:22 Overview
05:28 Features
09:02 Main Concepts
11:48 Quick Tour - Admin Console
12:43 Admin Console Demo - Configure
19:00 Admin Console Demo - Manage
20:12 Technology Stack
22:04 Server Architecture
24:59 SSO with OIDC
29:34 Keycloak Tokens
33:22 JSON Web Tokens
34:42 JWT Example
36:39 Calling Backend Services with Access Token
39:17 Keycloak Client Integrations
41:25 Keycloak Demo - Securing Apps
41:28 Demo Environment
41:54 Demo Services
45:35 Demo Applications
47:10 Github Repository
47:55 Keycloak in the field
51:54 Summary
53:05 Keycloak Extension Playground
Finally I got the best explanation about SSO with Keycloak
Big thanks
This was great!!! Completely answered questions I had about backend validating tokens
Thanks a lot Thomas. One of the best sessions I watched in recent times. Very informative. Learned a lot. Will definitely give a try.
Hats off to you Thomas; truly great insight on Keycloak and its capabilities. I was badly looking for AD/ADFS integration and was not getting the right pointers. Thank you very much; you are a great professional!!!
Great demo! I learned a lot of stuff, not just keycloak.
I kinda feel that Keycloak can be a great substitute for Auth0.
Thanks. Well prepared, well presented, Informative demo and presentation. Learned a lot in this session.
Great introduction! Thank you Thomas!
Awesome presentation. Thanks Thomas :D
Great. A very useful demo covering almost everything that we need to secure applications using Keycloak. Thanks a lot.
A very good introduction and overview! Just what I was looking for to start with Keycloak! Thank you very much!!
I love how he pronounces single sign on as "sing a song"
Thank you very much. That was a great session
Great talk. Thanks, Thomas.
Awesome Video! Very helpful content. You also did a great job explaining! Thank you!
Great info and very good demo! Thanks Thomas!
Great Demo!!! Learned a lot
Requesting a few more videos on Keycloak with in-depth explanation to gain expertise in Keycloak
Simply awesome. Thank you so much!
Thanks for summing up a lot of info within an hour!
Great demo ! Thanks
Hello, thanks a lot for the great presentation. Just to add, if you want the ability to revoke Access Tokens before they expire, you can use the introspection endpoint instead of checking the signature.
This looks awesome! Thank you!
Very informative tutorial. Many concepts are clearly explained. I played the video at the speed of 0.75x.
Great talk! Thanks
Nice presentation.
Simply Awesome
Spectacular Demo
Awesome product.
Quite amazing!
Great Demo!!
Great talk!
That's really great
Thanks for the useful video. I am facing configuring public IP addresses on Keycloak. Would you mind telling if any specific configuration needs to be noted?
Do we need to define security constraint in application.yml?
Can we add into the access token, the location of the original request? Like, the application where the login was initiated from?
For anyone curious as to why they cannot find Keycloak Gatekeeper anymore, it was moved out of the Keycloak governance group earlier in 2020. Details can be found here: groups.google.com/forum/#!topic/keycloak-dev/oDyw94BWxM0
Keycloak helped us in our application. The only downside I have seen is that there are many options and you need good jargon knowledge.
Thanks, great demo. I have a question: I have my React front end and Spring back-end API secured with Keycloak. Why, when I log out from the React app or close all sessions in the Keycloak admin console before the token expires, can I still call the REST API backend using the previous token generated at login (Postman)?
*backend-spring-api config*
_"client-id": "my-public-client",_
_"bearer-only": true,_
_"auth-server-url": "localhost:8180/auth",_
_"realm": "my-realm"_
Hi! I see it's been a while, but for those with the same question:
So, when a user logs out in the browser, the JWT it uses isn't really invalidated, it's just removed from the browser's memory. When we are talking about a client like Postman, this means nothing, and the JWT will remain valid until its expiration. To circumvent this, you could shorten the expiration or implement a verification of valid/invalid sessions in the backend.
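The behaviour discussed in the reply above, together with the earlier comment suggesting the introspection endpoint, as an added example that is not part of the talk, the comments or Keycloak's own code: a backend that only checks signature and expiry keeps accepting a token after logout, while an RFC 7662 style introspection check reports it inactive. The in-memory auth server, the HS256 key (Keycloak signs with RS256 by default) and all function names are constructed stand-ins.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # constructed stand-in for the realm signing key
SESSIONS = set()               # session ids the stand-in auth server considers live

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(signing_input):
    return _b64(hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest())

def login(user, ttl=300):
    """Auth server: open a session and issue a signed access token."""
    sid = f"sid-{user}"
    SESSIONS.add(sid)
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user, "sid": sid, "exp": int(time.time()) + ttl}
    body = _b64(json.dumps(claims).encode())
    return f"{header}.{body}.{_sign(header + '.' + body)}"

def logout(user):
    """Auth server: end the session; tokens already handed out are untouched."""
    SESSIONS.discard(f"sid-{user}")

def validate_offline(token):
    """Backend, local check: signature and expiry only, no call to the server."""
    try:
        header, body, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(f"{header}.{body}")):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    except (ValueError, TypeError):
        return None
    return claims if claims.get("exp", 0) > time.time() else None

def introspect(token):
    """Auth server, RFC 7662 style: active only while the session still exists."""
    claims = validate_offline(token)
    if claims is None or claims.get("sid") not in SESSIONS:
        return {"active": False}
    return {"active": True, **claims}

def replay_after_logout(user="alice"):
    """Return (offline_ok, introspection_active) before and after logout."""
    token = login(user)
    before = (validate_offline(token) is not None, introspect(token)["active"])
    logout(user)
    after = (validate_offline(token) is not None, introspect(token)["active"])
    return before, after
```

Introspection costs one call to the auth server per check, which is the trade-off against the shorter token lifetime the reply mentions.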
Let's say it's an Order API and I want to see only my Order and I should not have access to modify my Order. However, a Sales Agent can.
Is it possible using keycloak?
Where can I find the slides?
Hi, you are doing a great job. If possible, please make tutorials on Flask Keycloak integration. Thank you
Unfortunately this is the old keycloak version. Many things have changed, especially the UI.
Right?
noice
46:55 "Zack" hehe
Great! Really impressive! Now rewrite it in golang! Basically every application I am dealing with needs this functionality. The problem is JBoss, JBoss, or any other "container"; it is horrible, I don't wanna have it around ever. At least rewrite it to run without JBoss and it will be OK for me.
Looking forward to your pull request
Bye bye Auth0