Security Simplified: A Keycloak Masterclass

Intended audience

  • Developers
  • Software Architects
  • Tech Leads

Prerequisites

  • Knowledge of RESTful API architecture
  • Knowledge of Java and Spring Boot, or JavaScript/Node

Training Outline

Understanding Keycloak

  • Intro to Keycloak
  • Keycloak architecture, components and entities
  • 👨‍🔬 Installation and setup of a local Keycloak instance

Getting started with Keycloak

  • Creating and managing realms
  • User and group management
  • Client applications
  • 👨‍🔬 Create a realm, add a user, and register a client application

Understanding OAuth 2.0

  • Introduction to OAuth 2.0
  • OAuth 2.0 workflow and components (Client, Resource Server, Authorization Server)
  • Types of OAuth 2.0 grants
  • 👨‍🔬 Implement an OAuth 2.0 authorization code flow using Keycloak

Understanding OpenID Connect

  • Introduction to OpenID Connect
  • Differences between OAuth 2.0 and OpenID Connect
  • OpenID Connect workflow
  • 👨‍🔬 Extend the previous exercise to implement an OpenID Connect authentication flow

Understanding Scopes and Roles

  • What are roles and scopes
  • How to define and manage roles and composite roles in Keycloak
  • The relationship between scopes, roles, and permissions
  • 👨‍🔬 Define roles for a client application and manage access with scopes

Authentication and Authorization

  • Understanding Keycloak's authentication flows
  • Role-Based Access Control (RBAC) in Keycloak
  • Attribute-Based Access Control (ABAC) in Keycloak
  • 👨‍🔬 Configure an authentication flow and set up role-based access control for a client application

Keycloak Authentication Flows

  • Understanding Keycloak's authentication flows
  • Configuring OTP, WebAuthn, X.509 and other authentication flows
  • 👨‍🔬 Configure different authentication flows and test them

Understanding and Working with JWT Tokens

  • Introduction to JSON Web Tokens (JWT)
  • Structure of a JWT
  • How Keycloak uses JWTs in authentication and authorization
  • 👨‍🔬 Inspect a JWT issued by Keycloak and decode its information

Social logins

  • Understanding the concept of social logins
  • How Keycloak supports social logins
  • Configuring social logins with various providers (e.g., Google, GitHub)
  • 👨‍🔬 Set up a social login with a chosen provider in a Keycloak realm

Securing Applications with Keycloak

  • Keycloak adapters for different platforms (e.g., Java, Node.js)
  • Securing a RESTful API using Keycloak
  • 👨‍🔬 Secure a simple web application using Keycloak and the appropriate adapter, then secure a RESTful API

User Federation using LDAP

  • Configure Keycloak to use LDAP as a user provider
  • Understand user and role synchronisation
  • 👨‍🔬 Configure a realm to access an LDAP server via User Federation, configure sync settings and configure role mappers

Keycloak as an Identity Broker

  • Understand identity brokering and the different types of identity providers
  • 👨‍🔬 Configure SAML SSO using an existing Identity Provider

Customising Keycloak themes

  • Understanding Keycloak themes
  • Exploring the default Keycloak themes
  • Creating and applying a custom theme
  • 👨‍🔬 Change the look and feel of the login page