The presentation discusses the deployment of Keycloak using an operator and the importance of API security profile in ensuring secure usage of open APIs.
- Keycloak can be deployed using an operator and customized using the server developer's guide
- API security profile is crucial in ensuring secure usage of open APIs
- Improper implementation of OAuth 2.0 can lead to security holes and attacks such as RF attacks
- FAPI defines a secure usage of OAuth 2.0 and OpenID Connect across the protocol flow
- Observability of Keycloak instance can be achieved using metrics and logging
- Community engagement is encouraged through GitHub discussions and contributions
The speaker demonstrated a custom dashboard that collects information on the Keycloak instance's metrics, such as garbage collections, connection pools, and thread performance. The dashboard provides useful information for monitoring the system's performance and identifying potential issues.
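The observability point above (metrics on garbage collection, connection pools and threads) can be put into practice without a dashboard product at all: scrape the metrics endpoint once and apply a few health rules to the result. The script below is an added example, not code from the talk or from the Keycloak project. It parses the Prometheus text exposition format and derives the three signals the dashboard showed. The metric names follow the Micrometer/Agroal naming that Keycloak's Quarkus runtime exposes, but the names, the sample values and the configured pool size of 20 are assumptions made for the example, not output captured from the presenter's instance.

```python
import re
from dataclasses import dataclass

# Constructed sample scrape in Prometheus text exposition format. Metric names
# and values are assumed for this example; nothing here was captured from the
# talk's Keycloak instance.
SAMPLE_SCRAPE = """\
# HELP jvm_gc_pause_seconds Time spent in GC pause
# TYPE jvm_gc_pause_seconds summary
jvm_gc_pause_seconds_count{action="end of minor GC",cause="G1 Evacuation Pause"} 120.0
jvm_gc_pause_seconds_sum{action="end of minor GC",cause="G1 Evacuation Pause"} 3.6
jvm_gc_pause_seconds_count{action="end of major GC",cause="G1 Compaction Pause"} 2.0
jvm_gc_pause_seconds_sum{action="end of major GC",cause="G1 Compaction Pause"} 1.8
# TYPE agroal_active_count gauge
agroal_active_count{datasource="default"} 19.0
# TYPE agroal_max_used_count gauge
agroal_max_used_count{datasource="default"} 20.0
# TYPE jvm_threads_live_threads gauge
jvm_threads_live_threads 210.0
# TYPE jvm_threads_peak_threads gauge
jvm_threads_peak_threads 212.0
"""

# One sample line: metric name, optional {label="value",...} block, then the value.
LINE_RE = re.compile(r'^([A-Za-z_:][A-Za-z0-9_:]*)(?:\{([^}]*)\})?\s+(\S+)')
# Label values may contain spaces and escaped quotes, so match them as quoted strings.
LABEL_RE = re.compile(r'([A-Za-z_][A-Za-z0-9_]*)="((?:[^"\\]|\\.)*)"')


@dataclass
class Sample:
    name: str
    labels: dict
    value: float


def parse_exposition(text):
    """Parse text exposition format into Sample objects, skipping HELP/TYPE comments."""
    samples = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # tolerate lines we do not understand rather than abort the scrape
        name, raw_labels, raw_value = m.groups()
        labels = dict(LABEL_RE.findall(raw_labels or ""))
        # float() also accepts the "NaN", "+Inf" and "-Inf" spellings the format allows.
        samples.append(Sample(name, labels, float(raw_value)))
    return samples


def select(samples, name, **labels):
    """All samples with the given metric name whose labels include the given pairs."""
    return [s for s in samples
            if s.name == name and all(s.labels.get(k) == v for k, v in labels.items())]


def gc_average_pause(samples):
    """Average pause per collection, keyed by GC action, from the _sum/_count pair."""
    out = {}
    for count in select(samples, "jvm_gc_pause_seconds_count"):
        total = select(samples, "jvm_gc_pause_seconds_sum", **count.labels)
        if total and count.value > 0:
            out[count.labels.get("action", "")] = total[0].value / count.value
    return out


def pool_utilization(samples, datasource, pool_max):
    """Fraction of the configured JDBC pool currently checked out (0.0 if unknown)."""
    active = select(samples, "agroal_active_count", datasource=datasource)
    return active[0].value / pool_max if active and pool_max > 0 else 0.0


def health_findings(samples, pool_max, pool_threshold=0.9, gc_threshold_s=0.5):
    """Turn the raw gauges into the findings an operator would want flagged."""
    findings = []
    util = pool_utilization(samples, "default", pool_max)
    if util >= pool_threshold:
        findings.append(f"db pool near saturation: {util:.0%} of {pool_max} connections in use")
    for action, avg in gc_average_pause(samples).items():
        if avg > gc_threshold_s:
            findings.append(f"long GC pauses: '{action}' averages {avg:.2f}s")
    live = select(samples, "jvm_threads_live_threads")
    peak = select(samples, "jvm_threads_peak_threads")
    if live and peak and live[0].value >= peak[0].value:
        findings.append(f"thread count at peak: {live[0].value:.0f} live threads")
    return findings


if __name__ == "__main__":
    # pool_max mirrors the server's configured maximum pool size (assumed to be 20 here).
    for finding in health_findings(parse_exposition(SAMPLE_SCRAPE), pool_max=20):
        print(finding)
```

Run against a real scrape, the same rules work unchanged; only the sample text and the pool size need to come from the instance being monitored. The pool check deliberately divides by the configured maximum rather than by `agroal_max_used_count`, because the latter only records the high-water mark so far and would report 95% as "fine" once the pool had been fully used once.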
An Open-Source identity and access management solution that is feature-rich, flexible, passes compliance tests and has a vibrant community? Keycloak is all of this: It supports flexible flows for user registration, password reset, strong authentication, the Financial-Grade API security profile, and other features out of the box. It's also fully scriptable for automation and has dozens of SPIs to extend its functionality. Keycloak builds on top of industry security standard protocols supporting OAuth2, OpenID Connect and WebAuthn. It can also bridge to existing security infrastructures like SAML2 based IdPs, LDAP servers, and Kerberos/SPNEGO. Since the first release eight years ago, it has grown its community, with major players using and contributing to it. In 2023, the Keycloak project joined the CNCF as an incubating project. Join this talk to learn how to use it, what's ahead for the project, and how to contribute.