Recently I wanted to connect the user relationships of several applications and build a centralized user management system that unifies their user systems. After some research, I settled on Red Hat's open source Keycloak, which is a very powerful unified authentication and authorization management platform. Keycloak was selected for the following reasons.
Ease of use
Keycloak provides a one-stop single sign-on solution for web applications and RESTful services. Its goal is to make application security management simple, so that developers can easily protect their applications and services. Keycloak also provides a visual management interface for login, registration, and user management. You can use this interface to configure security policies that meet your needs and perform user management.
Powerful
Keycloak implements common authentication and authorization protocols and common security technologies in the industry, mainly including:
- Single sign-on (SSO) for browser applications.
- OpenID Connect (OIDC) authentication and authorization.
- OAuth 2.0.
- SAML.
- Multi-tenant support.
- Identity Broker - use an external OpenID Connect or SAML identity provider for authentication.
- Social login (sign in with a social provider).
- User Federation - synchronize users from LDAP and Active Directory servers.
- Kerberos bridge - automatically authenticates users who are already logged in to a Kerberos server.
- A management console for centralized management of users, roles, role mappings, clients, and configuration.
- An account management console where users manage their own accounts.
- Custom themes.
- Two-factor authentication.
- Complete login flows - optional user self-registration, password recovery, email verification, required password update, etc.
- Session management - administrators and users themselves can view and manage user sessions.
- Token mappers - map user attributes, roles, etc. into tokens and assertions.
- Not-before revocation policies.
- CORS support - the client adapters have built-in support for CORS.
- Service Provider Interfaces (SPI) for custom extensions.
- Client adapters for JavaScript applications, WildFly, JBoss EAP, Fuse, Tomcat, Jetty, Spring, etc.
- Supports any platform/language that has an OpenID Connect Relying Party library or a SAML 2.0 Service Provider library.
There is also a dedicated Spring Boot Starter, which makes it very easy to integrate into Spring Boot.
Open source based on practice
Produced by Red Hat, it is a quality product; Red Hat's good reputation vouches for Keycloak's reliability. It is released under the Apache 2.0 open source license. After eight years of continuous open source development, the code quality is high and it is well suited to customized development. Red Hat's commercial, paid authentication and authorization product, Red Hat SSO, is based on Keycloak. It provides enterprises with a dynamic single sign-on solution, which indirectly proves Keycloak's reliability.
Adapt to Spring Security
This framework is adapted to Spring Security and Spring Boot, which makes it very suitable for migrating and extending systems built on those two. This is also one of the important reasons why I chose it.
Disadvantages
Although there are many advantages, the disadvantages are also obvious. Powerful functions mean that the architecture is more complex, there are more concepts, and the learning cost is higher.
Another reason for the relatively high learning cost is that there are few Chinese materials, so you need to work through the official documentation yourself. For the authentication method your business requires, you may also need to implement some interfaces yourself, which tests your coding ability.
Finally
Fat Brother has followed this project for a long time but never got started, first because it is genuinely challenging, and second because there was no real development scenario. Now the opportunity has come. Today I give a brief introduction to this framework, so that students who do not know it get a first overview. If you master Keycloak, you can basically handle the construction of security systems for large and medium-sized applications, which is both a temptation and a challenge. In addition, this product is suited to building a unified authentication and authorization portal. It is not suitable for small applications and is relatively heavy, but it should be a very good fit for microservices. It is a good choice while the new Spring authorization server has not yet reached production readiness. So I will study and learn this thing together with you in follow-up posts. Interested friends can pay more attention to: Code Farmer Little Fat Brother.
Follow the public account: Felordcn for more information