Keycloak Usermanagement - your solution for secure user admin

"Keycloak is an open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code."

The Problem: Convenient != Secure && myCustomImpl != Robust

The most challenging thing to manage in computers systems is often the users of those systems... As a user of many computing systems I find managing user accounts to those systems is also a challenge. So how can we make access convenient as well as secure and robust?

The computing standards that solve this problem best seems to be OAuth and OpenID Connect (OIDC). Programming these standards and making them secure against the creative attacks, users and anonymous users develop,  is a continuous struggle.

User Stores

Keycloak will store users for you or allow you to use GitHub, Google, Facebook, LinkedIn... as identity providers. If you have users stored in a LDAP you just need to add and configure a LDAP user federation provider. Then you can concentrate on implementing OAuth to secure your applicaitons and services.

If you have your own database storing your users and want to use Keycloak to manage the security of your web applications you can implement the user provider interfaces with a little code.

Lots of code

At openFORCE we like code so here is an example Jhipster monolithic web appliciation with Keycloak integration and a custom user provider implementation.

git clone https://github.com/dougculnane/keycloak-ref.git
cd keycloak_ref
mvn clean install
cd jhipster_webapp
chmod -R 777 src/main/docker/deployments 
docker-compose -f src/main/docker/keycloak.yml up -d
mvn

You can now browse http://localhost:8080/ -> register and login.

We have glossed over a few details ( which you will find in the code ;-) ) but this is the foundation of a Single Sign On, Multi-host, Multi-realm, Role based, User management, Security system that has many configurable features like "Brute Force Detection", "Recaptcha", "Password Policy", "Email verification", "Forgot / reset Password", "One Time Password 2 factor authentication", etc....