What is Keycloak?
Keycloak is an open source, easy-to-use and customisable software solution for managing identity and access for applications, resources and services. The open source project is managed by Red Hat and is part of the JBoss community.
In this article, we will go through the salient features of Keycloak.
1. Social Login
Many of you might have noticed that several websites now let you sign in using an account you already have on a social platform, for example Facebook, Twitter or Google. This way, these websites do not have to collect registration information from new users or manage their user accounts. The third-party website uses the information already held in the user's social media account to authenticate the user for its resources. This also eases registration and sign-in for end users, who no longer have to manage lots of accounts and passwords.
To implement social login, Keycloak offers an out-of-the-box solution: the application and its developers do not have to add or change any code, and social login can be set up entirely through Keycloak’s admin console.
2. Single Sign-On
Single Sign-On (SSO) means that multiple applications register themselves with an authorisation server, which manages the authentication, storage and login process of the users. Once signed in and authenticated by the authorisation server, the user can access all the registered applications and does not need to sign in separately for each individual application. This process is standardised and defined by a protocol known as OAuth 2.0/OpenID Connect. For more about this protocol, please click here.
Keycloak provides this service in line with industry standards: distinct applications register themselves as clients in a Keycloak realm. The user registers with Keycloak and, once authenticated, can use multiple applications without having to sign in again. The same goes for logout: once the user logs out of Keycloak, they are automatically logged out of all registered applications. Additionally, it can be configured which applications a certain user can access, and what role a user has within an application. For further information about Keycloak configuration, please click here.
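The per-application roles described above reach each application as claims in the token Keycloak issues. The following is an added example, not code from this article or from the Keycloak project: it shows how a registered client (here a hypothetical `orders-api`) could decide access from those claims. The issuer URL, client names and role names are constructed, the `resource_access` and `realm_access` claim names follow Keycloak's default token layout, and the token's signature is assumed to have been verified already by a JWT library against the realm's published keys.

```python
import time

# Constructed values for illustration; not taken from the article.
ISSUER = "https://sso.example.test/realms/demo"
CLIENT_ID = "orders-api"  # hypothetical client registered in the realm


def authorize(claims, required_role, now=None):
    """Decide whether verified token claims grant required_role on CLIENT_ID.

    Assumes the signature was already verified upstream.
    Returns (allowed, reason).
    """
    now = time.time() if now is None else now
    # Only accept tokens minted by the realm this client is registered in.
    if claims.get("iss") != ISSUER:
        return False, "wrong issuer"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return False, "expired"
    # "aud" may be a single string or a list; SSO tokens for other
    # clients in the same realm must not be accepted here.
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else list(aud)
    if CLIENT_ID not in aud:
        return False, "wrong audience"
    # Client roles are scoped per client under resource_access.<client>.roles.
    # A role of the same name on another client does not count.
    client = claims.get("resource_access", {}).get(CLIENT_ID, {})
    if required_role in client.get("roles", []):
        return True, "client role"
    return False, "missing role"


# Constructed sample claims: "viewer" on orders-api, "admin" only on billing-api.
SAMPLE = {
    "iss": ISSUER,
    "exp": 2000,
    "aud": ["orders-api", "account"],
    "azp": "web-shop",
    "realm_access": {"roles": ["user"]},
    "resource_access": {
        "orders-api": {"roles": ["viewer"]},
        "billing-api": {"roles": ["admin"]},
    },
}
```

Because one SSO session yields tokens usable across the realm, the issuer, audience and client-scoped role checks are what keep a role granted on one application from being honoured by another.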
3. User Registration
Keycloak can take over the user registration process, thus providing a central user database. These users can then be managed in terms of what they can access and which roles they are assigned for a certain resource or application. If you want to know how user registration is implemented or customised, please see the user registration in Keycloak here.
4. Administration Console
The Keycloak server offers a very user-friendly admin console, which makes configuring access and identity management very simple. Through this console, anyone with admin rights can configure services, enable or disable certain features, add or remove clients/applications, create and manage user groups and roles, define password policies or registration workflows, etc. The admin console is central to Keycloak and its configuration; more about its usage and configuration is described here.
5. Account Management Console
Registered users can manage their accounts (e.g. update their password or profile) through the account management console. This console also lets users set up social login options and 2-factor authentication, and view their account history.
6. Client Adapters
Keycloak comes with several adapters catering to different technologies and infrastructures. These adapters make it easy to integrate Keycloak into a given technology stack with a minimum of boilerplate code. Almost all currently popular platforms are supported, and Keycloak provides an adapter for them.
7. Protocols supported
As mentioned above, Keycloak supports industry-standard protocols such as OAuth, OpenID Connect and SAML.