Single sign-on like the big guys

Authenticate Anything

Once your set of internal applications grows into the tens, credential storage for each service can get out of control. Users start complaining about how hard it is to juggle multiple passwords, and your day can turn into a password reset ticket nightmare. If you wonder whether a single sign-on (SSO) experience à la Google and Amazon is possible, even at a smaller scale, the answer is "Yes"! Keycloak can do exactly that.

A comprehensive administration introduction to Keycloak appeared previously in ADMIN [1], so in this article you will travel through the other end of the spectrum: how to equip your application with proper SSO, with or without writing code.

The Keycloak Project

Keycloak is a mature free and open source software (FOSS) project whose first production release dates back to 2014 [2]. It is largely funded and developed by Red Hat and is the software on which Red Hat's commercial SSO offering is based. The tool's goal is to provide a modern and secure SSO experience for any application on the basis of either the OIDC or the SAML framework (see the "OIDC vs. SAML" box).

OIDC vs. SAML

OpenID Connect (OIDC) is the only authentication framework used in this article, although Security Assertion Markup Language (SAML) is widely used and supported, especially in the enterprise segment. The choice usually falls on OIDC because of its growing popularity, its lighter weight, and simplifications such as exchanging data as JSON instead of XML.
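As an added example (not from the article or the Keycloak project) of the JSON-based exchange that makes OIDC attractive, the following Python code unpacks the JSON payload of an OIDC ID token and runs the claim checks a relying party must make before trusting it. The realm issuer URL, client ID and nonce are assumed values; verifying the signature against the realm's published keys is a separate step not shown here.

```python
import base64
import json
import time

# Assumed values: the issuer URL a Keycloak realm advertises and the OIDC client of our app.
REALM_ISSUER = "https://sso.example.com/realms/demo"
CLIENT_ID = "inventory-app"


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment (JWT segments carry no '=' padding)."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_id_token_claims(id_token: str) -> dict:
    """Return the JSON payload of a JWT; signature verification is the caller's job."""
    header, payload, _signature = id_token.split(".")
    if json.loads(_b64url_decode(header)).get("alg") == "none":
        raise ValueError("unsigned ID tokens are never acceptable")
    return json.loads(_b64url_decode(payload))


def validate_id_token_claims(claims, issuer, client_id, expected_nonce, now=None):
    """List the claim checks that fail; an empty list means the claims are acceptable."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != issuer:                        # token comes from our realm
        problems.append("iss")
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else list(aud or [])
    if client_id not in aud:                               # token was minted for this app
        problems.append("aud")
    if len(aud) > 1 and claims.get("azp") != client_id:    # several audiences need azp
        problems.append("azp")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        problems.append("exp")                             # lifetime already elapsed
    if claims.get("nonce") != expected_nonce:              # ties token to our login request
        problems.append("nonce")
    return problems


def _make_token(claims: dict, alg: str = "RS256") -> str:
    """Build a constructed token with a dummy signature, purely for demonstration."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': alg, 'typ': 'JWT'})}.{enc(claims)}.c2ln"


if __name__ == "__main__":
    token = _make_token({"iss": REALM_ISSUER, "aud": CLIENT_ID, "exp": time.time() + 300, "nonce": "n1"})
    print(validate_id_token_claims(decode_id_token_claims(token), REALM_ISSUER, CLIENT_ID, "n1"))
```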

Until version 16, inclusive, Keycloak ran on top of the WildFly application server (formerly JBoss). Since version 17,

...