Keycloak — Open Source Identity and Access Management (IAM)

Nuzhi Meyen
Dec 18, 2021


Keycloak Logo — Photo Courtesy — https://design.jboss.org/keycloak/index.htm

Among the open source Identity and Access Management solutions available, Keycloak is an interesting option: it is the upstream open source project for Red Hat's commercial SSO (Single Sign-On) product. Keycloak provides single sign-on together with identity and access management for modern applications and services.

Keycloak has two major components:

  1. The Keycloak Server
  2. Keycloak Application Adapters

Keycloak supports OpenID Connect (OIDC), OAuth 2.0 and SAML 2.0, and it allows securing some applications with OpenID Connect and others with SAML.

Given below is an example of setting up Keycloak with a Python adapter using OIDC. (Credits — Pasan Semage)
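As an added illustration (this is not the embedded example credited above, nor Keycloak project code), the following stdlib-only Python sketch shows the client-side pieces an OIDC adapter has to get right against a Keycloak realm: building the authorization request with PKCE, a `state` and a `nonce`; checking `state` on the callback; and validating the ID token claims. The realm URL `https://sso.example.com`, realm name `demo`, client id `python-app` and redirect URI are assumptions. Keycloak's real endpoint layout (`/realms/{realm}/protocol/openid-connect/...`) is used. Signature verification of the ID token against the realm's `jwks_uri` (RS256 by default) is deliberately not implemented here; the claim checks below must run only after that succeeds.

```python
# Added example: client-side Authorization Code + PKCE flow pieces for a
# Keycloak realm. Stdlib only. Realm URL, realm name, client id and redirect
# URI are assumptions for illustration, not values from the article.
import base64
import hashlib
import secrets
import urllib.parse


def b64url(raw: bytes) -> str:
    """Base64url without padding, as used by PKCE and JWTs (RFC 7636 / RFC 7515)."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def pkce_challenge(verifier: str) -> str:
    """S256 code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def pkce_pair():
    """Fresh (code_verifier, code_challenge); 32 random bytes give a 43-char verifier."""
    verifier = b64url(secrets.token_bytes(32))
    return verifier, pkce_challenge(verifier)


def keycloak_endpoints(base_url: str, realm: str) -> dict:
    """Keycloak's per-realm endpoint layout (also published by the realm at
    {base}/realms/{realm}/.well-known/openid-configuration)."""
    root = f"{base_url.rstrip('/')}/realms/{realm}"
    return {
        "issuer": root,
        "authorization_endpoint": f"{root}/protocol/openid-connect/auth",
        "token_endpoint": f"{root}/protocol/openid-connect/token",
        "jwks_uri": f"{root}/protocol/openid-connect/certs",
    }


def build_auth_url(endpoints, client_id, redirect_uri, state, nonce, challenge):
    """Authorization request: state binds the callback to this browser session,
    nonce binds the ID token to this request, code_challenge binds the code to us."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid",
        "state": state,
        "nonce": nonce,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return endpoints["authorization_endpoint"] + "?" + urllib.parse.urlencode(params)


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Extract the authorization code, rejecting a state mismatch (login CSRF)."""
    query = urllib.parse.parse_qs(urllib.parse.urlparse(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch")
    if "error" in query:
        raise ValueError("authorization error: " + query["error"][0])
    return query["code"][0]


def validate_id_token_claims(claims, issuer, client_id, nonce, now):
    """Claim checks from OIDC Core 3.1.3.7. Run these only AFTER the token
    signature has been verified against the realm's jwks_uri."""
    if claims.get("iss") != issuer:
        raise ValueError("unexpected issuer")
    aud = claims.get("aud")
    aud_list = [aud] if isinstance(aud, str) else list(aud or [])
    if client_id not in aud_list:
        raise ValueError("token not issued for this client")
    if len(aud_list) > 1 and claims.get("azp") != client_id:
        raise ValueError("azp must name this client when aud has several entries")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if not secrets.compare_digest(str(claims.get("nonce", "")), nonce):
        raise ValueError("nonce mismatch (possible replayed token)")
    return True


if __name__ == "__main__":
    ep = keycloak_endpoints("https://sso.example.com", "demo")  # assumed realm
    verifier, challenge = pkce_pair()
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    print(build_auth_url(ep, "python-app", "http://localhost:8080/callback",
                         state, nonce, challenge))
```

After the redirect, the adapter exchanges the code at `token_endpoint` (posting `code`, `redirect_uri` and the saved `code_verifier`), verifies the ID token signature with a key from `jwks_uri`, and only then calls `validate_id_token_claims` with the `nonce` it stored alongside `state`. Skipping any one of `state`, `nonce` or PKCE reopens a well-known class of login-flow attacks, which is why the three are generated together here.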

As for the data model, the Keycloak schema currently uses around 92 tables, and the figure below illustrates the relationships among them.

KeyCloak Data Model

Some of the advantages of using Keycloak are as follows:

Keycloak provides single sign-on by having users authenticate to Keycloak rather than to individual applications. Once a user is logged into Keycloak, they do not have to log in again to access a different application. With the Kerberos bridge, users who authenticate to their workstations with Kerberos (for example against an Active Directory domain, with LDAP as the user source) can be authenticated to Keycloak automatically through the browser, without providing their username and password again after logging on to the workstation.

Logging in with social networks is easy to enable: select the social network to add in the admin console, with no changes to application code.

Social Logins — Photo Courtesy — https://symbiotics.co.za/keycloak-social-login-and-sso-solution/

Keycloak supports user federation with built-in support for existing LDAP or Active Directory servers, and it also allows implementing custom providers, for example on top of a relational database.

Written by Nuzhi Meyen

Co-founder of Helios P2P. Sri Lankan. Interested in Finance, Advanced Analytics, BI, Data Visualization, Computer Science, Statistics, and Design Thinking.
