Securing Infrastructure with Keycloak
The OAuth protocol is often mistaken for an authentication protocol, but that is not what it is. It is an authorization protocol used to grant authorization between two services. While OAuth does the heavy lifting of authorization, it does not carry an identity. This is where OpenID Connect plays a vital role: it is a thin layer that sits on top of OAuth 2.0, enables correct authentication of users and supplies the correct identity. With the help of OpenID Connect, organizations can provide Single Sign-On (SSO) functionality. In this talk, we will understand how one can leverage Keycloak, an OpenID provider, to perform Single Sign-On using JSON Web Tokens (JWT). Most applications use a session ID mechanism for authentication, either relying on sticky sessions or maintaining a common session database for multiple web applications running on the same server. Although this approach is widely used, it is not scalable in nature. With the recent increase in adoption of the microservices architecture, it has become difficult to scale an application using a session ID. JWT, on the other hand, proves to be an efficient approach in this case. In this talk, we will gain a deep understanding of how to use JWT to implement the OpenID Connect protocol, and I shall also demonstrate how I have implemented it in the Foreman project.
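As an added illustration of what the OpenID Connect layer contributes on top of OAuth 2.0, the following Ruby code (written for this page, not taken from the talk or from the Foreman project) validates a Keycloak-style RS256 ID token the way a relying party should and only then returns the identity claims it carries. The realm key, issuer URL and client id are constructed placeholders; a real deployment takes the public key from the realm's JWKS endpoint.

```ruby
require 'openssl'
require 'json'

# Constructed stand-in for the realm's RSA signing key; a real deployment fetches
# the public key from the realm's JWKS endpoint instead of generating one.
REALM_KEY = OpenSSL::PKey::RSA.new(2048)

# Assumed values for the example realm and the Foreman client registered in it.
EXPECTED_ISSUER   = 'https://sso.example.com/auth/realms/demo'
EXPECTED_AUDIENCE = 'foreman'

def b64url_encode(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  (str.tr('-_', '+/') + '=' * ((4 - str.length % 4) % 4)).unpack1('m0')
end

# Mints an RS256-signed ID token the way the provider would; only here so the
# example runs offline without a Keycloak server.
def mint_id_token(claims, key = REALM_KEY)
  header  = b64url_encode(JSON.generate({ alg: 'RS256', typ: 'JWT' }))
  payload = b64url_encode(JSON.generate(claims))
  sig     = key.sign(OpenSSL::Digest.new('SHA256'), "#{header}.#{payload}")
  "#{header}.#{payload}.#{b64url_encode(sig)}"
end

# Relying-party check: algorithm pinned, signature, issuer, audience and expiry
# are all verified before any claim is trusted. Returns the claims or nil.
def verify_id_token(token, pub_key, now: Time.now.to_i)
  header_b64, payload_b64, sig_b64 = token.split('.')
  return nil unless header_b64 && payload_b64 && sig_b64
  header = JSON.parse(b64url_decode(header_b64))
  return nil unless header['alg'] == 'RS256' # refuse 'none' and HMAC downgrades
  signed_part = "#{header_b64}.#{payload_b64}"
  return nil unless pub_key.verify(OpenSSL::Digest.new('SHA256'), b64url_decode(sig_b64), signed_part)
  claims = JSON.parse(b64url_decode(payload_b64))
  return nil unless claims['iss'] == EXPECTED_ISSUER
  return nil unless Array(claims['aud']).include?(EXPECTED_AUDIENCE)
  return nil unless claims['exp'].is_a?(Integer) && claims['exp'] > now
  claims
rescue ArgumentError, JSON::ParserError, OpenSSL::PKey::PKeyError
  nil
end

if __FILE__ == $PROGRAM_NAME
  token = mint_id_token({ 'iss' => EXPECTED_ISSUER, 'aud' => EXPECTED_AUDIENCE, 'sub' => 'f:1234',
                          'preferred_username' => 'rahul', 'exp' => Time.now.to_i + 300 })
  puts verify_id_token(token, REALM_KEY.public_key)&.fetch('preferred_username')
end
```

Because every check happens locally against the realm's public key, the relying party needs no shared session store, which is the scaling property the abstract contrasts with session IDs.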
Rahul Bajaj, Red Hat
Rahul is a Deputy Community Lead for the Foreman Project at Red Hat. He is a Rubyist, open-source enthusiast and upstream contributor. Being a Red Hat Certified Architect, he takes an interest in learning about containers, configuration management tools, and security. He loves to travel, code, talk and drink beer!