https://janikvonrotz.ch/tags/keycloak/ Recent content in Keycloak on Janik von Rotz Hugo en-us Mon, 08 Mar 2021 10:46:43 +0100 https://janikvonrotz.ch/2021/03/08/08-upgrade-keycloak-docker-container/ Mon, 08 Mar 2021 10:46:43 +0100 https://janikvonrotz.ch/2021/03/08/08-upgrade-keycloak-docker-container/ <p>Upgrading Keycloak is not so difficult as supports automatically migrating the database to a new version.</p> <p>Nonetheless, Keycloak is a critical piece of software in every infrastructure. Under no circumstances you want the upgrade to fail. I will show you some upgrade preparations for a docker-based setup that ensure you can restore the service in the worst case scenario.</p> https://janikvonrotz.ch/2020/10/20/openid-connect-with-nextcloud-and-keycloak/ Tue, 20 Oct 2020 08:43:32 +0200 https://janikvonrotz.ch/2020/10/20/openid-connect-with-nextcloud-and-keycloak/ <p>Keycloak and Nextcloud are both popular open source software. The first is an identity provider and broker, the second one is collaboration platform. Instead of having multiple accounts on several online platforms, you want to have one identity and log into multiple platforms. This is the job of the <a href="https://openid.net/connect/">OpenID Connect protocol</a> and is supported by Keycloak. In this guide I walk you through the steps of connecting Nextcloud with Keycloak to support a seamless single sign-on experience.</p> https://janikvonrotz.ch/2020/08/27/grafana-oauth-with-keycloak-and-how-to-validate-a-jwt-token/ Thu, 27 Aug 2020 17:18:30 +0200 https://janikvonrotz.ch/2020/08/27/grafana-oauth-with-keycloak-and-how-to-validate-a-jwt-token/ <p>In this tutorial I am going to show how you can connect a <a href="https://grafana.com/">Garafana</a> container that is hidden behind proxy with Keycloak. We want to log into Grafana with a Keycloak user and experience a seamless SSO-flow. Therefore we are going to configure an OAuth client for Grafana.</p> https://janikvonrotz.ch/2020/04/30/role-based-access-control-for-multiple-keycloak-clients/ Thu, 30 Apr 2020 22:38:57 +0200 https://janikvonrotz.ch/2020/04/30/role-based-access-control-for-multiple-keycloak-clients/ <p>Role based access control (RBAC) is a common feature in identity and access management (IAM) systems. Granting access to applications by assigning roles to a selection of users is the proper way to manage access permissions.</p> <p>In this guide I will show you how this can be implemented with Keycloak. We will create a authentication flow that checks if a user is eligible to access the client. This authentication flow can be applied to any Keycloak client.</p> https://janikvonrotz.ch/2020/04/24/odoo-oauth-authentication-with-keycloak/ Fri, 24 Apr 2020 17:08:49 +0200 https://janikvonrotz.ch/2020/04/24/odoo-oauth-authentication-with-keycloak/ <h1 id="introduction">Introduction</h1> <p>OAuth is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service. It works by delegating user authentication to the service that hosts the user account, and authorizing third-party applications to access the user account.</p> <p>In our scenario Keycloak acts as the OAuth service and Odoo as the application that delegates the user authentication. In this guide you learn how to configure Odoo and Keycloak to handle an implicit OAuth flow.</p>