Today's Deep-Dive: Keycloak
Ep. 145


Episode description

This episode focuses on the necessity of logging in to various online services and introduces Keycloak, a tool that simplifies user authentication and management for developers. Keycloak is an open-source solution that streamlines the process of handling logins, permissions, and security, allowing developers to concentrate on their app’s unique features. A significant feature of Keycloak is single sign-on (SSO), which enables users to log in once and access multiple applications without repeatedly entering passwords, enhancing security. Keycloak also facilitates social logins by acting as a central hub, allowing developers to integrate various social media accounts easily.

Additionally, Keycloak supports identity brokering, letting users from partner organizations access resources without creating new accounts. It has a user federation feature that syncs with existing user directories, saving time and reducing errors. Administrators manage everything through an admin console, while users have self-service options via an account management console. Keycloak employs industry-standard protocols like OpenID Connect and SAML 2.0 for compatibility and security. Lastly, it provides detailed authorization policies, enabling granular control over user permissions, making it a vital tool for enhancing security and efficiency in online services.

Gain digital sovereignty now and save costs

Let’s have a look at your digital challenges together. What tools are you currently using? Are your processes optimal? How is the state of backups and security updates?

Digital sovereignty is easily achieved with Open Source software (which usually costs way less, too). Our division Safeserver offers hosting, operation and maintenance for countless Free and Open Source tools.

0:00

Okay, so you ever notice how pretty much every app

0:02

on your phone wants you to log in?

0:05

Like websites too, right?

0:06

Yeah, for sure.

0:07

Seems like it's just become this basic part

0:09

of using any online service.

0:12

Yeah, they need to know who you are

0:13

and what you're actually allowed to do

0:15

on their platform, right?

0:17

Right, and so today we're going deep

0:19

on how all that works behind the scenes.

0:21

Sounds good.

0:22

We're gonna be looking at a really cool tool

0:23

called Keycloak.

0:25

Okay, cool.

0:25

It basically makes this whole process

0:27

way easier for developers and by extension,

0:31

much safer for everyone.

0:32

Yeah, absolutely.

0:34

Security and like user management,

0:36

those are really complex topics.

0:38

Oh, totally.

0:39

Especially if you're building

0:40

an application from scratch.

0:41

Right.

0:42

Keycloak really helps this.

0:43

It's an open source solution that takes care

0:45

of like all the core tasks of handling logins

0:48

and permissions.

0:49

Oh, that's awesome.

0:51

And I wanna take a second to thank Safe Server

0:52

for supporting this deep dive.

0:54

They're all about supporting this kind

0:55

of important software and really empowering you

0:58

with digital sovereignty.

0:59

For sure.

1:00

You can find out more about them at www.safeserver.de.

1:05

Definitely check them out.

1:06

So yeah, with Keycloak developers,

1:07

they can actually focus on the unique features

1:09

that make their app special.

1:11

Right, because they don't have to worry

1:12

about reinventing the wheel when it comes to security.

1:16

Yeah.

1:17

Which is a good thing.

1:18

Exactly, it's a huge win for everyone involved.

1:20

Okay, so let's say I'm using a bunch

1:22

of different online accounts.

1:23

My email, a project management tool,

1:26

a community forum, and I'm sure I'm missing a couple.

1:30

Yeah, probably a few.

1:31

Usually each of those needs its own username and password.

1:34

Aye, yeah, that can get a bit overwhelming

1:36

keeping track of all of them.

1:38

It's a nightmare.

1:39

So Keycloak offers something called single sign-on,

1:43

or SSO, what's that all about?

1:45

So SSO with Keycloak is kind of like having this master key.

1:49

Yeah.

1:50

You just log in once to Keycloak,

1:51

and then you can access all these other

1:52

connected applications without having to type

1:55

in your password every single time.

1:56

So I unlock the main Keycloak door,

1:59

and all the other apps just kind of know it's me.

2:01

Yeah, you got it.

2:02

It happens in the background.

2:03

You don't even see it.

2:04

Oh yeah, that's so convenient.

2:05

Right, and it's more secure too.

2:07

You're actually reducing the chances

2:08

of your password getting compromised

2:09

because you're not typing it in everywhere.

2:11

That's true.

2:12

Out of sight, out of mind, I guess.

2:15

So what about when I see those sign in with Google

2:19

or connect the Facebook buttons?

2:21

Oh yeah, those are everywhere now.

2:23

Keycloak helps with that too, right?

2:24

It does.

2:25

It makes adding those social login options

2:28

way easier for developers.

2:30

How so?

2:31

So instead of each app having to build

2:33

separate connections to Google, Facebook, Twitter,

2:36

you know, all of them.

2:37

Right.

2:38

Keycloak just acts as this central hub.

2:41

Okay, that makes sense.

2:42

So through Keycloak's admin console,

2:44

you just configure which social logins

2:45

you want to enable, and that's it.

2:47

So the developers don't have to write a bunch of code

2:49

to deal with each individual social network.

2:51

Exactly, it's way simpler.

2:53

Keycloak handles all the complexities for them.

2:55

So it's like Keycloak speaks all these different

2:57

social media languages for the app.

3:00

Yeah, that's a really good way to put it.

3:02

That seems like a huge time saver.

3:03

It is, and it's not limited to just social logins either.

3:08

Keycloak can also connect to existing identity systems

3:11

that companies might already be using.

3:13

You mean like internal company accounts

3:15

and things like that?

3:16

Exactly, like if they're using something

3:17

like OpenID Connect or SAML 2.0,

3:21

it acts like a translator for different digital identities

3:24

so everyone can understand each other.

3:26

Gotcha, and what's that called?

3:27

That's called identity brokering.

3:29

Imagine a company partners with another organization.

3:33

Their employees, they need to access specific resources

3:37

in your app brain.

3:38

Makes sense.

3:39

Well, with Keycloak, you don't have to create

3:41

separate accounts for all those new users.

3:43

Keycloak can just broker their existing identities

3:46

so it's all seamless.

3:48

Very cool, so let's say a company has its own system

3:52

for storing employee information

3:54

like a directory of user accounts.

3:56

Do they have to manually recreate all of that in Keycloak?

3:59

No, no, not at all.

4:00

Keycloak is smarter than that.

4:01

It has a feature called user federation.

4:04

Okay, what's that do?

4:04

This lets it connect to and sync with

4:07

those existing user directories.

4:09

So like the company's active directory

4:11

or something like that.

4:12

Exactly, so when someone new joins the company

4:15

and an account is created, Keycloak

4:16

just automatically recognizes them.

4:19

Okay, so no need to set up a separate Keycloak account

4:22

for each person.

4:23

Exactly, saves a lot of time and effort.

4:25

And helps avoid errors too, I bet.

4:26

Oh yeah, for sure.

4:27

It keeps everything consistent,

4:29

which is always a good thing in the world of IT.

4:31

Absolutely.

4:32

So we've talked about users logging in

4:34

and connecting to different systems.

4:36

Right.

4:36

But how does someone like an IT administrator

4:39

actually manage all of this in Keycloak?

4:43

So that's where the admin console comes in.

4:45

Think of it as mission control for Keycloak.

4:48

Okay.

4:49

From this web interface,

4:49

administrators can do pretty much everything.

4:52

Oh wow, like what?

4:53

They can enable or disable features,

4:56

set up the identity brokering and user federation

4:58

we just talked about,

4:59

and manage all the applications and services

5:02

that are secured by Keycloak.

5:03

Wow, okay, so it's pretty comprehensive.

5:05

Oh it is.

5:06

They can also define authorization policies,

5:09

which we'll talk about in a bit.

5:10

And of course they can manage users themselves,

5:12

including their permissions and active sessions.

5:15

Oh wow, so it really is a central point

5:17

for controlling everything.

5:18

Exactly, it gives administrators a clear overview

5:21

and control over the entire identity

5:24

and access management system.

5:26

Okay, so what about regular users?

5:29

Can they do anything themselves related to Keycloak,

5:32

like changing their password or adding extra security?

5:35

Oh, absolutely.

5:36

Keycloak has a feature called the account management console.

5:40

What's that like?

5:40

It's a self-service portal for users

5:42

where they can manage their own profile, change passwords,

5:46

set up things like two-factor authentication.

5:48

Oh, that's handy.

5:49

Right, they can also see a history of their logins

5:51

and even link their social media accounts if that's enabled.

5:54

Okay, so users have a good amount of control

5:56

over their own security and information.

5:58

Exactly, and it takes some of the pressure

6:00

off IT administrators too for all those common tasks.

6:04

Which I'm sure they appreciate.

6:05

Yeah.

6:06

Now you mentioned earlier that Keycloak relies

6:07

on standard protocols like OpenID Connect

6:10

and SAML 2.0.

6:12

Why is that so important?

6:13

So using these industry standard protocols

6:16

is really crucial for Keycloak for a couple of reasons.

6:20

First, it makes sure that Keycloak can work

6:22

with a really wide range of applications and services.

6:25

Okay, how so?

6:26

Well, because these protocols are so widely used,

6:29

it's like they create a common language

6:31

for all these different systems to understand.

6:33

I see.

6:34

So applications built with different technologies

6:36

can still talk to Keycloak and use it for authentication

6:39

and authorization,

6:40

because they all speak the same language, so to speak.

6:43

Oh, so there are no compatibility issues

6:45

because they're all following the same rules.

6:47

Right, and the second reason is security.

6:50

These protocols have been tested and analyzed

6:52

by experts all over the world,

6:54

so they're generally considered really secure.

6:56

So it's not like Keycloak is just doing its own thing

6:59

in a way that could have security flaws.

7:01

Exactly, by using these proven protocols,

7:03

Keycloak benefits from all the collective knowledge

7:05

and security expertise that's gone into developing them.

7:08

Gotcha.

7:09

It's like standing on the shoulders of giants in a way.

7:11

You could say that.

7:12

So you mentioned authorization policies earlier.

7:15

Yes.

7:16

I know that it's important to know who someone is,

7:19

but I guess you also need to control

7:21

what they can actually do once they're logged in, right?

7:23

Absolutely.

7:24

Authentication is just the first step.

7:26

Authentication takes it to the next level.

7:28

Okay, so it's like checking your ID at the door,

7:30

but then also making sure you have permission

7:32

to go into specific rooms.

7:34

Exactly, it's about controlling access

7:36

to specific resources or actions within an application.

7:39

Makes sense.

7:41

So with Keycloak's authorization services,

7:43

you can get really granular with the permissions you define.

7:46

Okay.

7:46

Like you might not just have an editor role

7:48

that gives access to everything.

7:50

Right.

7:50

You could say this specific user

7:52

can only edit these particular documents, but not others.

7:55

And that would be handled through

7:56

these authorization policies.

7:58

Yeah, exactly.

7:59

It's really powerful for applications

8:01

that have sensitive data or complex requirements

8:04

like in finance or healthcare.

8:06

Yeah, where security and privacy are paramount.

8:09

So for someone who is new

8:10

to all this managing access and permissions online,

8:13

what's the key takeaway with Keycloak?

8:17

The main idea with Keycloak is that

8:18

it takes all the complicated stuff

8:20

related to identity and access management

8:22

and makes it much simpler for modern applications.

8:25

And that's good for developers and users alike.

8:27

For sure.

8:28

Keycloak handles all the hard parts

8:29

like storing user information, authentication,

8:32

like proving someone is who they say they are

8:35

and authorization controlling what they can actually do.

8:38

Okay.

8:38

It's got all these great features

8:39

like single sign-on, integration with existing systems,

8:43

social logins, and a central console

8:45

for managing everything.

8:46

And it's all built with security in mind

8:48

from the ground up.

8:49

Absolutely.

8:50

It lets developers focus on building great apps

8:52

without having to become security experts themselves.

8:55

That makes a lot of sense.

8:56

So it sounds like Keycloak is a really important tool

8:58

for improving both security and efficiency

9:00

for anyone working with online services.

9:02

Definitely.

9:03

And for end users, it often means a smoother, more secure

9:07

experience online.

9:08

You don't have to juggle a million different passwords.

9:10

Which is always a good thing.

9:11

It really is.

9:12

It's easy to overlook, but these behind-the-scenes systems

9:16

like Keycloak, they're what makes the internet work

9:19

the way it does today.

9:20

Oh, for sure.

9:21

They're the unsung heroes of the digital world.

9:24

And a big thanks again to Safe Server

9:26

for supporting this deep dive into Keycloak.

9:30

And for all their work in promoting digital sovereignty.

9:32

Definitely check them out.

9:33

You can learn more about what they do

9:35

and how they support important open source projects

9:37

like Keycloak by visiting www.safeserver.de.

9:43

Good stuff.

9:43

As we spend more and more of our lives online,

9:46

having secure and easy to use ways

9:48

to manage our digital identities is only

9:51

going to become more important.

9:52

I completely agree.

9:53

And open source tools like Keycloak

9:55

are playing a big role in making that happen.

9:56

Couldn't have said it better myself.

9:58

Well, thanks for joining us.

9:59

Until next time.

9:59

Until next time.