The Problem: Convenient != Secure && myCustomImpl != Robust
The most challenging thing to manage in computer systems is often the users of those systems. As a user of many computing systems, I find that managing user accounts for those systems is also a challenge. So how can we make access convenient as well as secure and robust?
The computing standards that solve this problem best seem to be OAuth and OpenID Connect (OIDC). Implementing these standards and keeping them secure against the creative attacks that users and anonymous attackers develop is a continuous struggle.
"Keycloak is an open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code."
Keycloak will store users for you or let you use GitHub, Google, Facebook, LinkedIn and others as identity providers. If your users are stored in an LDAP directory, you just need to add and configure an LDAP user federation provider. Then you can concentrate on implementing OAuth to secure your applications and services.
If you have your own database storing your users and want to use Keycloak to manage the security of your web applications, you can implement the user provider interfaces (Keycloak's User Storage SPI) with a little code.
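As an added example (not code from the keycloak-ref repository or from Keycloak itself), here is a minimal read-only user storage provider of the kind the sentence above refers to. It assumes a WildFly-era Keycloak SPI (roughly 8 to 12, where UserLookupProvider methods still take the RealmModel as the last argument and CredentialInput has getChallengeResponse()); the package name, the provider id "external-db-users", the Account class and the in-memory TABLE are all hypothetical stand-ins for the application's own user table. The security-relevant part is isValid(): the stored password is a salted PBKDF2 hash, never plaintext, and the candidate is compared with MessageDigest.isEqual so the comparison does not leak timing information.

```java
package com.example.keycloak.userstorage; // hypothetical package

import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

import org.keycloak.component.ComponentModel;
import org.keycloak.credential.CredentialInput;
import org.keycloak.credential.CredentialInputValidator;
import org.keycloak.credential.CredentialModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.storage.StorageId;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.UserStorageProviderFactory;
import org.keycloak.storage.adapter.AbstractUserAdapter;
import org.keycloak.storage.user.UserLookupProvider;

/** Read-only federation of users kept in an external (hypothetical) account table. */
public class ExternalDbUserStorageProvider
        implements UserStorageProvider, UserLookupProvider, CredentialInputValidator {

    /** One row of the external table: email plus a salted PBKDF2 password record. */
    static final class Account {
        final String email; final byte[] salt; final byte[] hash; final int iterations;
        Account(String email, byte[] salt, byte[] hash, int iterations) {
            this.email = email; this.salt = salt; this.hash = hash; this.iterations = iterations;
        }
    }

    /** Constructed sample data standing in for the application's own database. */
    static final Map<String, Account> TABLE = new HashMap<>();
    static {
        // A real table stores a per-user random salt; this fixed salt is only for the sample row.
        byte[] salt = "0123456789abcdef".getBytes(StandardCharsets.UTF_8);
        TABLE.put("alice", new Account("alice@example.com", salt,
                pbkdf2("correct horse battery staple".toCharArray(), salt, 100_000), 100_000));
    }

    private final KeycloakSession session;
    private final ComponentModel model;

    public ExternalDbUserStorageProvider(KeycloakSession session, ComponentModel model) {
        this.session = session; this.model = model;
    }

    // --- UserLookupProvider: Keycloak asks for users by id, username or email ---
    @Override public UserModel getUserById(String id, RealmModel realm) {
        // Keycloak ids are "f:<provider-component-id>:<external-id>"; the external id here is the username.
        return getUserByUsername(StorageId.externalId(id), realm);
    }
    @Override public UserModel getUserByUsername(String username, RealmModel realm) {
        Account a = TABLE.get(username.toLowerCase());
        return a == null ? null : adapt(realm, username.toLowerCase(), a);
    }
    @Override public UserModel getUserByEmail(String email, RealmModel realm) {
        for (Map.Entry<String, Account> e : TABLE.entrySet())
            if (e.getValue().email.equalsIgnoreCase(email)) return adapt(realm, e.getKey(), e.getValue());
        return null;
    }
    /** Wraps a table row in a read-only UserModel; unsupported setters throw ReadOnlyException. */
    private UserModel adapt(RealmModel realm, String username, Account a) {
        return new AbstractUserAdapter(session, realm, model) {
            @Override public String getUsername() { return username; }
            @Override public String getEmail() { return a.email; }
            @Override public boolean isEmailVerified() { return true; }
        };
    }

    // --- CredentialInputValidator: Keycloak delegates password checks to us ---
    @Override public boolean supportsCredentialType(String type) { return CredentialModel.PASSWORD.equals(type); }
    @Override public boolean isConfiguredFor(RealmModel realm, UserModel user, String type) {
        return supportsCredentialType(type) && TABLE.containsKey(user.getUsername());
    }
    @Override public boolean isValid(RealmModel realm, UserModel user, CredentialInput input) {
        if (!supportsCredentialType(input.getType())) return false;
        Account a = TABLE.get(user.getUsername());
        if (a == null) return false;
        byte[] candidate = pbkdf2(input.getChallengeResponse().toCharArray(), a.salt, a.iterations);
        return MessageDigest.isEqual(candidate, a.hash); // constant-time comparison
    }

    /** PBKDF2-HMAC-SHA256 from the JDK; no extra dependency needed inside the Keycloak deployment. */
    static byte[] pbkdf2(char[] password, byte[] salt, int iterations) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, 256);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("PBKDF2 unavailable", e);
        }
    }

    @Override public void close() { }

    /** Factory Keycloak instantiates per request; registered via META-INF/services. */
    public static class Factory implements UserStorageProviderFactory<ExternalDbUserStorageProvider> {
        @Override public ExternalDbUserStorageProvider create(KeycloakSession session, ComponentModel model) {
            return new ExternalDbUserStorageProvider(session, model);
        }
        @Override public String getId() { return "external-db-users"; } // hypothetical id shown in the admin console
    }
}
```

To make Keycloak pick the provider up, list the factory class name in META-INF/services/org.keycloak.storage.UserStorageProviderFactory inside the jar, drop the jar into the directory the compose file mounts as Keycloak's deployments folder, and add the provider under User Federation in the realm. Because every failed login passes through isValid(), Keycloak's own brute force detection keeps counting failures for federated users as well.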
Lots of code
At openFORCE we like code, so here is an example JHipster monolithic web application with Keycloak integration and a custom user provider implementation.
git clone https://github.com/dougculnane/keycloak-ref.git
cd keycloak_ref
mvn clean install
cd jhipster_webapp
chmod -R 777 src/main/docker/deployments
docker-compose -f src/main/docker/keycloak.yml up -d
mvn
You can now browse http://localhost:8080/ -> register and login.
We have glossed over a few details (which you will find in the code ;-) ), but this is the foundation of a single sign-on, multi-host, multi-realm, role-based user management security system with many configurable features such as "Brute Force Detection", "Recaptcha", "Password Policy", "Email verification", "Forgot / reset Password", "One Time Password 2 factor authentication", etc.