Single sign-on with Keycloak

An all-rounder that can do more than just secure authentication.

Said and done

Jürgen Egeling
is always ready to question everything that already exists.
Reading time: approx. 2 minutes

Every application has its own login. You can always use the same user name and password, but woe betide you if you want to change that password: then it's finger acrobatics across all of the logins.
It would be nice to have a central system that all users log in to, one that also works in modern distributed architectures, since it can be used to make the individual services "secure".
Your own software products bring further challenges: how do you authenticate users securely, and how do you offer login via social media services (Facebook, Google, GitHub, Twitter) to those who want it?

Keycloak as a multi-talent

Keycloak can do all this, and it can also be connected to existing user directories such as LDAP or Active Directory. Since Keycloak also supports the Kerberos protocol, services that authenticate via Kerberos can be integrated as well. And all of this, mind you, in parallel with the services mentioned above.

Central authentication

Keycloak can therefore provide authentication for pretty much every service in the company. But what happens if this central authentication service fails? Then nobody can log in any more, so this must be avoided at all costs. Don't worry, though: the Keycloak server can be designed and configured as an HA (high availability) service. With its replication and failover features, Keycloak can be set up to tolerate the failure of individual nodes. There are no technical limits here.

Keycloak speaks several languages

There are plug-ins or code snippets for all common programming languages that make it easy to get started with development, and the various authentication exchange formats that Keycloak offers make this tool the first choice for central user administration. Keycloak can "talk" to your existing authentication world, e.g. LDAP, and then pass the resulting authentication on to the Internet applications in the format they require, e.g. SAML, OpenID Connect or OAuth 2.0. And all of this independently for each individual web application.

Since Keycloak acts as an identity and authorization broker, you can now build your own services as independent, distributed services where the user still uses the same login and password everywhere. For the user of your services this is a simplification that should not be underestimated, and for everyone responsible for applications in the company, the decentralized services can be added or taken out of operation again independently of one another. Of course, the whole thing is also GDPR-compliant, as no data other than logging needs to be shared between these services. Each application holds its own data, which also ensures that the application development teams only receive the data they actually need to see.
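As an added example of what "independent distributed services with the same login" means in practice (this is illustrative code, not from the article or from Keycloak itself): the central realm issues a signed token, and each service verifies it on its own, checking signature, issuer, expiry and that the token was issued for that particular client, without consulting any other service or sharing user data. It uses HS256 with a constructed shared secret so it runs offline; a real Keycloak realm signs with RS256 and publishes its public keys at a JWKS endpoint. The realm URL and client names are assumed.

```python
import base64, hashlib, hmac, json, time

# Constructed stand-in for the realm's signing key. A real Keycloak realm signs
# tokens with RS256 and publishes its public keys under
# /realms/<realm>/protocol/openid-connect/certs; HS256 is used here only so the
# example runs offline with the standard library.
REALM_SECRET = b"constructed-demo-secret"
ISSUER = "https://sso.example.invalid/realms/company"  # assumed realm URL

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(claims: dict) -> str:
    """Mimic the central realm issuing a signed access token."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(REALM_SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def verify_token(token: str, client_id: str, now=None) -> dict:
    """What each independent service does on every request: check the
    signature, the issuer, the expiry, and that the token was issued for
    *this* client (aud or azp). No other service or shared database is involved."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # never accept alg=none or a swapped alg
    expected = hmac.new(REALM_SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if (now if now is not None else int(time.time())) >= claims.get("exp", 0):
        raise ValueError("token expired")  # a missing exp is treated as expired
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else list(aud)
    if client_id not in aud and claims.get("azp") != client_id:
        raise ValueError("token not issued for this client")
    return claims

def realm_roles(claims: dict) -> list:
    """Keycloak places realm-level roles under realm_access.roles."""
    return list(claims.get("realm_access", {}).get("roles", []))
```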

If you are interested in the topic of user management, please contact us.

