Building secure applications with Keycloak (OIDC/JWT)
Submitted by Abhishek Koserwal (@akoserwal) on Saturday, 22 September 2018
Building an enterprise-level single sign-on application with the help of Keycloak (Open Source Identity and Access Management),
and understanding how to secure your application: frontend and backend APIs. Managing user federation with minimal configuration.
Overview of Keycloak (Open Source Identity and Access Management)
- Concepts: realm, client ID configuration, OIDC/SAML, security, etc.
- Keycloak adapters (which and why?)
- Understanding JSON Web Token (JWT)
- Integrating a frontend (Angular/React) with the Keycloak adapter
- JWT validation at the backend and securing API endpoints
- Access token/refresh token
I am Abhishek Koserwal, working as a full-stack engineer at Red Hat. Building full-stack applications (Angular/React, Spring Boot) based on cloud native container design principles on the OpenShift platform. This involves various Red Hat external/internal business applications. We heavily use Keycloak for securing our enterprise applications and have implemented it in production applications.