Keycloak Intro

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hello this is a short high-level introductory presentation on the Key Club project in this presentation we will discuss some core features of key cloak then demo them so you can see them in action so what is key cloak key cloak is a single sign-on solution that you can use to secure your browser applications and your rest web services it also provides social login support for those applications that need to integrate with Google Plus Facebook and other social providers key kalokhe was designed to be an out-of-the-box turnkey solution key cloak comes pre-configured with all the user interfaces you might need to secure your applications there are screens for login user registration and a user account management key cloak also has an admin console that can be used to administrate your security metadata besides single sign-on key cloak also has session management features users can log out of all the applications they have visited in a single session with one-click both the users and administrators can view and manage their open SSO sessions administrators can view server wide stats as well as automatically log out one or more users from the administration console key cloak can store and retrieve claim metadata like name address and phone number you can also assign permissions to users through our user role mapping facility you have the option to store security metadata in either a relational database or within the no sequel database key cloak also provides user Federation with LDAP and Microsoft Active Directory key click also has a federation spi that your developers can use to integrate with any external service that you might have that stores user metadata okay enough talk let's actually do a demo of key cloak in this demo key cloak will be used to secure access to two applications one application is a very simple customer portal that just displays a list of customers ordering the customer database the other application is a simple product portal that just displays a list of products from the product database once I have logged into the key clock server I will have established a secure session and I will be able to visit either application without having to real aughh in let's see this demo in action this is the Welcome page of our customer portal application clicking on the customer listing link here will bring me to a secure page that will list the customers in the database since I am not logged in I will be redirected to the key hooks server where I will have to enter in my username and password so let's click on that link here this login screen is rendered by the key click authentication server and comes pre-configured out-of-the-box I'll enter in my username and password here and when I click login I'll be redirected back to the customer portal so let's enter my username my password when I click on this login link I'll we will be redirected back to the customer portal so now we're logged in and this is the customer portal page that provides a list of customers from the customer database so you see here the customer listing right here there's also some user metadata that it displays right here that was obtained from the key clock server this is information about the user that's actually logged in you can get information like the email address of the user their full name their address the user name really all that kind of claim metadata about the user that is logged in right now okay so that's the customer listing page let's now go visit the product portal the product application since I'm already already logged in I can visit the product application without having to real aughh in and I have a link to it on the customer portal page so this is the product Welcome page and this product listing link here is the page that is actually secured and when I click on this I'm already logged in and will be able to view the listing see here we get a simple product listing I can go back and forth between the customer portal and the product portal without having to real aughh in so that's single sign-on with kink look another great feature that Kiko has is user account management as a logged in user I may want to manage certain aspects of my account if I click on this manage account link here I will be brought to some screens that can help me to do this so these pages here are provided by key cloak they allow me as a logged in user to change things like my email address and my name I can also change and reset my password and I can also view information about my open single sign-on sessions for example I'm log I know I'm logged in right now and I see that I have logged in from this IP address this is the time and date when I logged in and these are the applications that I have visited finally from this particular page here I can actually log myself out of all of any open single sign-on sessions okay sessions can also be viewed and managed by administrator so let me login to the key click administration console so I can show you this stuff now log in as admin the login button here and this is the key cloak administration console if I click on the sessions and tokens link here I can see for the entire realm which applications have active sessions how many so you see here we have one user active session with a customer portal and active session with the product portal I can log out everybody that's logged into the realm right now if I want to with this button here I can also drill down on you application so I'm drilling down on the customer portal application here and you can see I have one active session and I can list the users that are logged in to the customer portal I can drill down even further here so I click on B Burke here and I'm brought to the user management user management page for for B Burke and then I can see the sessions for that particular user this looks about pretty much like the easier account management page has the same information the IP address when the session started the applications that were visited and also has a logout link so for this particular user session I can log out that particular session or I can log out all the sessions so let's do that click the logout button here and see now when I visit the product listing page I have to reload in okay so now that we're in the key click administration console there is some other features that I can show you that kegel has so let's go to the Settings link here and go to the login menu item one great thing about the console is that has tooltips if you see a little information icon you can mouse over it and it will give you a short description of what that particular user interface item does okay so the first thing I want to show you is a user registration key cloak out of the box comes with a user registration page that you can enable from the administration console so I will enable it here I'll click Save and now when I go to the login page for my realm and I hit refresh you see that there now is a register link so as a user coming into the site for the first time I am able to register myself we have a simple registration page another feature that Kiko look has is forgot password if you click the forgot password check box here click Save you'll have to configure your email server settings what you'll see here is when i refresh the page there is now a forgot password link when I click on this forgot password link I can specify specify my username or email and key click will send me an email that has a link that I can click on that will allow me to reset my password ok another thing that Kiko has is a Remember Me option if I enable that go back to the login page see now there is a remember me checkbox usually when you close down your browser you're logged out of all your sessions what they remember me checkbox allows you to do is the user can click it and when they log in and if they close our browser there will still be logged in ok so those those are some simple login options another cool thing that keep key club can do is it can allow you to log into Google Facebook and other social providers so you have to make sure that the the login checkbox is enabled that's already enabled we'll go to the social menu item here and we'll add a Facebook provider and I'm going to go on right now I'm just entering some dummy keys but you'll usually have to go to Google and Facebook to set up your client account there so that you can accept logins through your applications so I'll save changes here and I'll refresh the login page and you can see now I can log into Facebook or Google now the great thing about key cloak is you're not limited to just password credentials so right now key cloak is configured to require users to enter in a password when they when they log in you might want some more secure credential login acquirements like a one-time password generator or two-factor authentication what this is is a little token generator that runs on your iPhone or your Android device and it generates a temporary password every minute that changes so when a user logs in they will have to enter in their password as well as get this temporary password from their iPhone or their Google Android device so now the user is required to log in via one-time password I'll click Save here and when I log in now whoops enter in my password hit login now since one-time password has been selected as a required credential when I login for the first time after that setting has been configured I will have to configure one-time password for this particular user so each user will have to go through this so this page will tell you to go download the Google Authenticator application to your iPhone or your Android device and it has this nice scannable image here and I'll do that right now right now you can't see it but I'm on my iPhone and I'm going to scan this barcode in and my Authenticator will automatically be configured on my iPhone and after I've done that I must specify my one-time password so this password is only viable for one minute and I'm entering it in right now and once I click that I will be logged in okay okay okay another great thing that Key Club can do for you is that has pluggable themes so right now when I log into the customer portal or product portal you see I have this generic page that comes out of the blocks with key cloak and I have this key click icon now that isn't too great for your application because you probably want to brand the the login page for your particular websites so what I'm going to do here is I have a pre-configured theme that will change this icon here to be a Red Hat logo so I will change that click Save and now when i refresh you see that there is a Red Hat logo on the page I'm not just limited to setting what the logo is key cloak has some some style sheets that you can modify on the fly you can change the format of the login page using our template formatting engine and you can do this not only with the login page but the user account management page you can specify different theme and even though the admin console you can change its skin as well okay that's about it for this presentation I went over some of the basic core features of key cloak key cloak has a lot of other interesting features as well so I urge you to read some of our documentation on our website or view some of the other screencast tutorials that are available from our document documentation page alright thanks a lot have a good day

Info

Channel: Bill Burke

Views: 42,878

Rating: 4.9302325 out of 5

Keywords:

Id: 5MQoJZKXM_s

Channel Id: undefined

Length: 14min 36sec (876 seconds)

Published: Wed Sep 03 2014