Chapter 1 – Introduction
Security is one of the key concerns in modern application development. While security is a vast area, one of its major aspects is Identity and Access Management (IAM). Identity and Access Management can be described as the set of business policies and processes that govern the management of digital identities. In more general terms, these processes and policies let digital systems identify their users (authentication), decide which resources those users may access (authorization), and define how users should be grouped, all while keeping this sensitive information confidential.
While these policies can be implemented from scratch in your favourite language, most of the time it is preferable to adopt a pre-built IAM solution that can be customized to your specific business needs. Most of these solutions are battle-tested and more than capable of handling your identity and access management requirements. Keycloak stands out among these solutions for a few reasons:
- Free and open-source, with a comprehensive set of IAM features
- Kept up to date with frequent patches and releases
- Highly active community
- High scalability
Chapter 2 – Features
Keycloak provides an extensive set of features related to Identity and Access Management.
Keycloak supports modern protocols such as OpenID Connect and OAuth 2, among others. OAuth 2 is the go-to authorization delegation protocol of the modern era. Keycloak supports all the grant types specified by OAuth 2, and layers OpenID Connect on top of it to authenticate users. The abstraction Keycloak provides over these protocols, which hides their complexity from end users, is one of its most attractive qualities.
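What the OpenID Connect support means on the receiving end: an application that accepts Keycloak-issued access tokens must verify them before trusting any claim. The following is an added example written for this post, not Keycloak's own code or a Keycloak client library. It implements the resource-server side in Go: it loads the realm's public keys from a JWKS document of the shape Keycloak serves at `/auth/realms/<realm>/protocol/openid-connect/certs`, checks the RS256 signature, the issuer, the expiry and the `azp` claim (the client id Keycloak issued the token to), and only then reads the realm roles. The realm name `demo`, the client id `my-app`, the key id `k1` and the minted token are constructed for the demo; a real deployment fetches the JWKS from the running server instead of building one from a local key.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// jwk mirrors one entry of the JWKS document a Keycloak realm publishes at
// /auth/realms/<realm>/protocol/openid-connect/certs (only the fields used here).
type jwk struct {
	Kid, Kty, Alg, N, E string
}

// Claims are the access-token claims a resource server checks before trusting a request.
type Claims struct {
	Iss         string `json:"iss"`
	Azp         string `json:"azp"`
	Exp         int64  `json:"exp"`
	RealmAccess struct {
		Roles []string `json:"roles"`
	} `json:"realm_access"`
}

// Verifier pins the expected issuer (the realm URL) and client id and keeps the realm keys by kid.
type Verifier struct {
	Issuer, ClientID string
	keys             map[string]*rsa.PublicKey
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// NewVerifier parses a JWKS document into RSA public keys indexed by kid.
func NewVerifier(issuer, clientID string, jwksJSON []byte) (*Verifier, error) {
	var set struct{ Keys []jwk }
	if err := json.Unmarshal(jwksJSON, &set); err != nil {
		return nil, err
	}
	v := &Verifier{Issuer: issuer, ClientID: clientID, keys: map[string]*rsa.PublicKey{}}
	for _, k := range set.Keys {
		n, errN := base64.RawURLEncoding.DecodeString(k.N)
		e, errE := base64.RawURLEncoding.DecodeString(k.E)
		if k.Kty != "RSA" || errN != nil || errE != nil {
			return nil, fmt.Errorf("unusable key %q", k.Kid)
		}
		v.keys[k.Kid] = &rsa.PublicKey{N: new(big.Int).SetBytes(n), E: int(new(big.Int).SetBytes(e).Int64())}
	}
	return v, nil
}

// Verify checks the RS256 signature with the key named by kid, then issuer, expiry and client.
// Claims are returned only after every check passes; nothing is read from an unverified token.
func (v *Verifier) Verify(token string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	hb, e1 := base64.RawURLEncoding.DecodeString(parts[0])
	pb, e2 := base64.RawURLEncoding.DecodeString(parts[1])
	sig, e3 := base64.RawURLEncoding.DecodeString(parts[2])
	if e1 != nil || e2 != nil || e3 != nil {
		return nil, errors.New("malformed token")
	}
	var hdr struct{ Alg, Kid string }
	if err := json.Unmarshal(hb, &hdr); err != nil {
		return nil, err
	}
	if hdr.Alg != "RS256" { // the token never gets to choose a weaker algorithm ("none", HS256)
		return nil, fmt.Errorf("unexpected alg %q", hdr.Alg)
	}
	pub, ok := v.keys[hdr.Kid]
	if !ok {
		return nil, fmt.Errorf("unknown kid %q", hdr.Kid)
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, errors.New("bad signature")
	}
	var c Claims
	if err := json.Unmarshal(pb, &c); err != nil {
		return nil, err
	}
	switch {
	case c.Iss != v.Issuer:
		return nil, fmt.Errorf("wrong issuer %q", c.Iss)
	case now.Unix() >= c.Exp:
		return nil, errors.New("token expired")
	case c.Azp != v.ClientID:
		return nil, fmt.Errorf("token issued to another client %q", c.Azp)
	}
	return &c, nil
}

// GenerateKey makes a throwaway realm signing key for the demo (a real realm's key lives in Keycloak).
func GenerateKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// MintToken signs a token in Keycloak's RS256 layout; constructed here only to exercise Verify.
func MintToken(priv *rsa.PrivateKey, kid string, c Claims) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid})
	body, _ := json.Marshal(c)
	signing := b64(hdr) + "." + b64(body)
	digest := sha256.Sum256([]byte(signing))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signing + "." + b64(sig), nil
}

// JWKSFor renders a one-key JWKS document, as the realm's certs endpoint would.
func JWKSFor(pub *rsa.PublicKey, kid string) []byte {
	doc := map[string][]map[string]string{"keys": {{
		"kid": kid, "kty": "RSA", "alg": "RS256", "use": "sig",
		"n": b64(pub.N.Bytes()), "e": b64(big.NewInt(int64(pub.E)).Bytes()),
	}}}
	b, _ := json.Marshal(doc)
	return b
}

func main() {
	priv, _ := GenerateKey()
	issuer := "http://localhost:8080/auth/realms/demo" // constructed realm URL
	v, _ := NewVerifier(issuer, "my-app", JWKSFor(&priv.PublicKey, "k1"))
	var c Claims
	c.Iss, c.Azp, c.Exp = issuer, "my-app", time.Now().Add(5*time.Minute).Unix()
	c.RealmAccess.Roles = []string{"user", "admin"}
	tok, _ := MintToken(priv, "k1", c)
	got, err := v.Verify(tok, time.Now())
	if err != nil {
		fmt.Println("rejected:", err)
		return
	}
	fmt.Println("realm roles:", got.RealmAccess.Roles)
}
```

The order of checks is deliberate: the signature is verified before any claim is parsed, the algorithm is fixed by the verifier rather than taken from the token header, and a key is selected strictly by the `kid` it advertises. Keycloak rotates realm keys, so a production verifier re-fetches the JWKS when it meets an unknown `kid` rather than caching one key forever.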
LDAP and Active Directory
LDAP and Active Directory are commonly used together for maintaining and querying users and their metadata. Active Directory is one of the most widely used directory services, and LDAP is the common protocol you can use to talk to it. Since most organizations already run such directories, the ability to connect to them is a major advantage Keycloak provides.
Keycloak offers out-of-the-box support for social logins such as Google, Facebook, LinkedIn, GitHub, Instagram, Microsoft, Bitbucket, Twitter, GitLab, PayPal and Stack Overflow. That is nearly a dozen social logins Keycloak enables with a few clicks, if you know what you are doing.
In medium to large organizations there are often thousands of users on the application systems. These user bases keep growing, and vertical scaling runs out of its magic at some point, so horizontal scaling becomes inevitable. It is also unwise to assume your servers will stay healthy all the time: the downtime of a single server can cost a business millions of dollars. To address all of this, Keycloak supports high availability and horizontal scaling out of the box. Keycloak is built on top of the WildFly application server, which makes these problems easy to manage.
No matter how many out-of-the-box services an IAM solution provides, there will always be a scenario specific to your organization's needs: perhaps a custom grant type particular to your business, or sending an OTP through your own local SMS server. Keycloak lets you write custom adapters in Java, so you can add pretty much anything of your own.
One of the best things about Keycloak is that all these out-of-the-box features, and the users they relate to, can be easily managed through the centralized dashboard it provides. You don't have to run a query to delete a user; it is always one or two clicks away.
Chapter 3 – Setup & Getting Started
There are a few ways you can get started with Keycloak in your local environment. Here are the two most common methods; both require the following prerequisites:
- JDK 1.8+ installed
- Docker (only if you plan to run Keycloak using method 2)
Method 1 – Running the server as a process
- Download Keycloak from the Keycloak Downloads page
- Unzip the file
- Navigate to the unzipped folder
- Navigate into the bin directory
- Run the following command
- Linux/Unix – $ ./standalone.sh
- Windows – standalone.bat
Now if you open http://localhost:8080/auth you will see the Keycloak admin console, which lets you create an admin user and play!
Method 2 – Running the Keycloak Docker Container
If you have Docker up and running, you can start Keycloak with a single command.
Now if you open http://localhost:8080/auth you will see the Keycloak admin console. Use the username 'admin' and the password 'admin' as configured above.
Chapter 4 – Final Thoughts
Keycloak is a great free and open-source yet comprehensive IAM solution that you can set up and start using in less than 5 minutes. If you are looking for an IAM solution for your new app, or if you are fed up with the constant security measures you have to implement in your home-brewed user management system, give Keycloak a go. You won't be disappointed!