keycloak

Keycloak Authorization Services - RPT, permissions or a decision only

This is a clarification to the previous write up about Keycloak Authorization Services1. The documentation of the response_mode documents the two values which can be used: decision and permissions. In the first Keycloak article2, I have wrongly assumed that no response_mode in the grant_type=urn:ietf:params:oauth:grant-type:uma-ticket call implies the value of permissions. Mmm, that was a wrong assumption. Now, looking at the documentation and trying it out, the distinction seems pretty obvious. It turns out there are three types of responses for this grant_type.
Read more

Keycloak Authorization Services - retrieving the decision only

In Introduction to Keycloak Authorization Services 1, I have described how to use the Authorization Services to find out if the user has access to certain resources. I have done so by asking Keycloak to issue an access token with a special grant_type with the value of urn:ietf:params:oauth:grant-type:uma-ticket which returned a list of permissions the has access to. The request looked like this: curl --silent -X POST \ ${KEYCLOAK_TOKEN_URL} \ -H "Authorization: Bearer ${access_token}" \ --data "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket" \ --data "audience=customers" \ --data "permission=CustomerB#customer-b" | jq '.
Read more

Introduction to Keycloak Authorization Services

As the number of applications and websites in the organization grows, the developer will inevitably receive a request to implement Single Sign-On. Single Sign-On (SSO for short) is an authentication scheme allowing the user to log in with a single set of credentials and share the session across multiple, independent, potentially unrelated systems. The savvy developer will roll out Keycloak, enable Standard Flow client, maybe enable some of the social login options, like GitHub, Google or Facebook and call it a day.
Read more

Keycloak With Docker Compose

Keycloak is an open source Identity and Access Management System developed as a JBoss community project under the stewardship of Red Hat. Keycloak makes it is easy to secure apps and services written in many technologies using a large number client libraries. Out of the box, we get things like Single Sign-On, Identity Brokering and Social Login, User Federation and Authorization Services. With little to no code, we can give users of our apps the ability to sign in with Identity Providers like GitHub, Twitter or Google.
Read more