Gain a practical understanding of Keycloak to enable authentication and authorization in applications while leveraging the additional features provided by Keycloak.

Key Features

• A beginners’ guide to Keycloak focussed on understanding Identity and Access Management
• Implement authentication and authorization in applications using Keycloak 22
• Utilize Keycloak in securing applications developed by you and the existing applications in your enterprise

Book Description

The second edition of Keycloak - Identity and Access Management for Modern Applications is an updated, comprehensive introduction to Keycloak and its updates.

In this new edition, you will learn how to use the latest distribution of Keycloak. The recent versions of Keycloak are now based on Quarkus, which brings a new and improved user experience and a new admin console with a higher focus on usability. You will see how to leverage Spring Security, instead of the Keycloak Spring adapter while using Keycloak 22. As you progress, you’ll understand the new Keycloak distribution and explore best practices in using OAuth. Finally, you'll cover general best practices and other information on how to protect your applications.

By the end of this new edition, you’ll have learned how to install and manage the latest version of Keycloak to secure new and existing applications using the latest features.

What you will learn

• Understand how to install, configure, and manage the latest version of Keycloak
• Discover how to obtain access tokens through OAuth 2.0
• Utilize a reverse proxy to secure an application implemented in any programming language or framework
• Safely manage Keycloak in a production environment
• Secure different types of applications, including web, mobile, and native applications
• Discover the frameworks and third-party libraries that can expand Keycloak

Who this book is for

This book is for developers, sysadmins, security engineers, or anyone who wants to leverage Keycloak and its capabilities for application security. Basic knowledge of app development, authentication, and authorization is expected.

Table of Contents

1. Getting Started with Keycloak
2. Securing Your First Application
3. Brief Introduction to Standards
4. Authenticating Users with OIDC
5. Authorizing Access with OAuth 2.0
6. Securing Different Application Types
7. Integrating Applications with Keycloak
8. Authorization Strategies
9. Configuring Keycloak for Production
10. Managing Users
11. Authenticating Users
12. Managing Tokens and Sessions
13. Extending Keycloak
14. Securing Keycloak and Applications

About the Authors

Stian Thorgersen started his career at Arjuna Technologies building a cloud federation platform, years before most companies were even ready for a single-vendor public cloud. He later joined Red Hat, looking for ways to make developers' lives easier, which is where the idea of Keycloak started. In 2013, Stian co-founded the Keycloak project with another developer at Red Hat. Today, Stian is the Keycloak project lead and is also the top contributor to the project. He is still employed by Red Hat as a senior principal software engineer focusing on identity and access management, both for Red Hat and for Red Hat's customers. In his spare time, there is nothing Stian likes more than throwing his bike down the mountains of Norway.

Pedro Igor Silva is a proud dad of amazing girls. He started his career back in 2000 at an ISP, where he had his first experiences with open source projects such as FreeBSD and Linux, as well as a Java and J2EE software engineer. Since then, he has worked in different IT companies as a system engineer, system architect, and consultant. Today, Pedro Igor is a principal software engineer at Red Hat and one of the core developers of Keycloak. His main area of interest and study is now IT security, specifically in the application security and identity and access management spaces. In his non-working hours, he takes care of his planted aquariums.