OpenShift Commons Gathering included two talks about Keycloak, an open-source identity and access management solution for modern applications and services, built on top of industry security standard protocols.

The following topics were discussed:

  1. Keycloak: the Open Source IAM for Modern Applications
  2. Keycloak for Securing APIs a Case Study

Keycloak: the Open Source IAM for Modern Applications

This first talk was about how to secure applications by taking advantage of authentication and authorization mechanisms with all the flexibility you need and in a streamlined way.

The speaker, Alexander Schwartz, has worked with Keycloak for eight years; he’s now a part of the Engineering Team at Red Hat. Alexander presented an overview of the main functionalities of Keycloak to make applications secure by taking advantage of robust protocols such as OpenID Connect and OAUTH 2.0. 

Alexander focuses on AuthZ and AuthN functionalities that are critical for applications to ensure that any access has been validated for authentication and authorization before accessing the application. Keycloak gives flexibility to developers, who can integrate with different enterprise mechanisms, such as any stores from LDAP to relational databases. Additionally, it provides features to strengthen security, such as Forget Password, One Time Password, and Update Password Policies.

Some of the highlights are:

  • Administrators can control the functionality by accessing a UI or a REST API, such as forgetting a password, remembering me, or enabling user registration.
  • Keycloak supports User Federation and Identity Brokering.
  • Enable continuous everything by exporting and importing realms, accessing REST API and CLI. 
  • Keycloak can be used in any cloud or non-cloud environment.


Keycloak for Securing APIs a Case Study

The speaker, Yuichi Nakamura, Ph.D. Hitachi, Ltd. Director, shared challenges finding a robust solution for APIs that run everywhere. The speaker focused on a Japanese bank case that required a robust and comprehensive solution for API management solutions for containers on OpenShift.

Some of the highlights are:

  • How security is necessary to secure any API access from different systems and users. 
  • A security mechanism is implemented with Keycloak based on token generation supporting different protocols. 
  • High-level security is required, especially for the financial and public sectors. 
  • FAPI (Financial grade API) is a security profile described as getting attention globally and integrated with OAUTH 2.0 and OpenID.


Learn more about this security profile on the case study: