Reading time: approx. 2 minutes

User Management with Keycloak


The Problem: Convenient != Secure && myCustomImpl != Robust

The most challenging thing to manage in computer systems is often the users of those systems... As a user of many computing systems, I find managing user accounts for those systems is also a challenge. So how can we make access convenient as well as secure and robust?

The computing standards that solve this problem best seem to be OAuth and OpenID Connect (OIDC). Implementing these standards and keeping them secure against the creative attacks that users and anonymous users develop is a continuous struggle.

Solution: Keycloak

"Keycloak is an open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code."

User Stores

Keycloak will store users for you or allow you to use GitHub, Google, Facebook, LinkedIn... as identity providers. If you have users stored in an LDAP directory, you just need to add and configure an LDAP user federation provider. Then you can concentrate on implementing OAuth to secure your applications and services.

If you have your own database storing your users and want to use Keycloak to manage the security of your web applications, you can implement the user provider interfaces with a little code.

Keycloak Admin Console - User Federation

Lots of code

At openFORCE we like code, so here is an example JHipster monolithic web application with Keycloak integration and a custom user provider implementation.

git clone https://github.com/dougculnane/keycloak-ref.git
cd keycloak-ref
mvn clean install
cd jhipster_webapp
chmod -R 777 src/main/docker/deployments  # world-writable: local demo only
docker-compose -f src/main/docker/keycloak.yml up -d

You can now browse to http://localhost:8080/, register and log in.

Keycloak - JHipster

We have glossed over a few details (which you will find in the code ;-) ), but this is the foundation of a single sign-on, multi-host, multi-realm, role-based user management and security system that has many configurable features like "Brute Force Detection", "Recaptcha", "Password Policy", "Email verification", "Forgot / reset Password", "One Time Password 2 factor authentication", etc.
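The features listed above are realm settings, so a realm export can be checked for them before a deployment goes live. The following is an added example, not code from this post or the keycloak-ref repository: it audits a constructed fragment of a realm export using the field names of Keycloak's realm JSON (bruteForceProtected, verifyEmail, sslRequired, passwordPolicy, requiredActions). The minimum password length of 12 is an assumed house policy.

```python
import re

# Constructed sample: a fragment of a Keycloak realm export (realm JSON).
SAMPLE_REALM = {
    "realm": "demo",
    "sslRequired": "none",
    "bruteForceProtected": False,
    "verifyEmail": False,
    "passwordPolicy": "length(6) and notUsername",
    "requiredActions": [
        {"alias": "CONFIGURE_TOTP", "enabled": True, "defaultAction": False},
    ],
}

def parse_password_policy(policy):
    """Turn 'length(12) and digits(1)' into {'length': '12', 'digits': '1'}."""
    rules = {}
    for part in filter(None, (p.strip() for p in (policy or "").split(" and "))):
        m = re.fullmatch(r"(\w+)(?:\((.*)\))?", part)
        if m:
            rules[m.group(1)] = m.group(2) or ""
    return rules

def audit_realm(realm, min_length=12):  # min_length is an assumed house policy
    """Return a list of finding strings; an empty list means all checks passed."""
    findings = []
    if not realm.get("bruteForceProtected", False):
        findings.append("brute force detection is off")
    if not realm.get("verifyEmail", False):
        findings.append("email verification is off")
    if realm.get("sslRequired", "external").lower() == "none":
        findings.append("sslRequired is 'none'")
    rules = parse_password_policy(realm.get("passwordPolicy"))
    length = rules.get("length", "")
    if not length.isdigit() or int(length) < min_length:
        findings.append(f"password policy length below {min_length}")
    totp = [a for a in realm.get("requiredActions", [])
            if a.get("alias") == "CONFIGURE_TOTP"]
    # OTP is enforced for new users only when the action is enabled AND default.
    if not any(a.get("enabled") and a.get("defaultAction") for a in totp):
        findings.append("OTP setup is not a default required action")
    return findings

if __name__ == "__main__":
    for finding in audit_realm(SAMPLE_REALM):
        print("FINDING:", finding)
```

Run it against the JSON loaded from your own realm export instead of SAMPLE_REALM; an empty result means every check passed.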

Doug Culnane

Doug is a developer at openFORCE and works on the design, development and further development of applications and processes.
