{"id":1586,"date":"2022-05-19T07:16:09","date_gmt":"2022-05-19T07:16:09","guid":{"rendered":"https:\/\/blog.amt.in\/?p=1586"},"modified":"2022-05-19T07:16:09","modified_gmt":"2022-05-19T07:16:09","slug":"introduction-to-keycloak","status":"publish","type":"post","link":"https:\/\/blog.amt.in\/index.php\/2022\/05\/19\/introduction-to-keycloak\/","title":{"rendered":"Introduction to Keycloak"},"content":{"rendered":"<p>Keycloak is an open source software product to allow single sign-on with Identity and Access Management aimed at modern applications and services. As of March 2018 this JBoss community project is under the stewardship of Red Hat who use it as the upstream project for their <i>RH-SSO<\/i> product.<\/p>\n<p>The features of Keycloak include:<\/p>\n<ul>\n<li>User Registration<\/li>\n<li>Social login<\/li>\n<li>Single Sign-On\/Sign-Off across all applications belonging to the same Realm<\/li>\n<li>2-factor authentication<\/li>\n<li>LDAP integration<\/li>\n<li>Kerberos broker<\/li>\n<li>multitenancy with per-realm customizable skin<\/li>\n<\/ul>\n<p>Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID and password to any of several related, yet independent, software systems.<\/p>\n<p>True single sign-on allows the user to log in once and access services without re-entering authentication factors.<\/p>\n<p>It should not be confused with same-sign on (Directory Server Authentication), often accomplished by using the Lightweight Directory Access Protocol (LDAP) and stored LDAP databases on (directory) servers.<\/p>\n<p>A simple version of single sign-on can be achieved over IP networks using cookies but only if the sites share a common DNS parent 
domain.<\/p>\n<p>For clarity, a distinction is made between Directory Server Authentication (same-sign on) and single sign-on: Directory Server Authentication refers to systems requiring authentication for each application but using the same credentials from a directory server, whereas single sign-on refers to systems where a single authentication provides access to multiple applications by passing the authentication token seamlessly to configured applications.<\/p>\n<p>Conversely, single sign-off or single log-out (SLO) is the property whereby a single action of signing out terminates access to multiple software systems.<\/p>\n<p>As different applications and resources support different authentication mechanisms, single sign-on must internally store the credentials used for initial authentication and translate them to the credentials required for the different mechanisms.<\/p>\n<p>Other shared authentication schemes, such as OpenID and OpenID Connect, offer other services that may require users to make choices during a sign-on to a resource, but can be configured for single sign-on if those other services (such as user consent) are disabled. An increasing number of federated social logons, like Facebook Connect, do require the user to enter consent choices upon first registration with a new resource, and so are not always single sign-on in the strictest sense.<\/p>\n<p>Identity management (IdM), also known as identity and access management (IAM or IdAM), is a framework of policies and technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources. IdM systems fall under the overarching umbrellas of IT security and data management. 
Identity and access management systems not only identify, authenticate, and authorize individuals who will be utilizing IT resources, but also the hardware and applications employees need to access. Identity and access management solutions have become more prevalent and critical in recent years as regulatory compliance requirements have become increasingly more rigorous and complex.<\/p>\n<p>It addresses the need to ensure appropriate access to resources across increasingly heterogeneous technology environments and to meet increasingly rigorous compliance requirements.<\/p>\n<p>The terms &#8220;identity management&#8221; (IdM) and &#8220;identity and access management&#8221; are used interchangeably in the area of identity access management.<\/p>\n<p>Identity-management systems, products, applications and platforms manage identifying and ancillary data about entities that include individuals, computer-related hardware, and software applications.<\/p>\n<p>IdM covers issues such as how users gain an identity, the roles and, sometimes, the permissions that identity grants, the protection of that identity and the technologies supporting that protection (e.g., network protocols, digital certificates, passwords, etc.).<\/p>\n<p>The first production release of Keycloak was in September 2014, with development having started about a year earlier. In 2016 Red Hat switched the RH SSO product from being based on the PicketLink framework to being based on the Keycloak upstream project. This followed a merging of the PicketLink codebase into Keycloak.<\/p>\n<p>To some extent Keycloak can now also be considered a replacement of the Red Hat <i>JBoss SSO<\/i> open source product which was previously superseded by PicketLink. As of March 2018 JBoss.org is redirecting the old jbosssso subsite to the Keycloak website. 
The JBoss name is a registered trademark and Red Hat moved its upstream open source projects' names to avoid using JBoss, <i>JBoss AS<\/i> to <i>Wildfly<\/i> being a more commonly recognized example.<\/p>\n<p>The above is a brief about Keycloak. Watch this space for more updates on the latest trends in Technology.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Keycloak is an open source software<\/p>\n","protected":false},"author":1,"featured_media":1588,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[781,643,7],"tags":[782,645,18],"class_list":["post-1586","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-keycloak","category-open-source-software","category-techtrends","tag-keycloak","tag-open-source-software","tag-technology"],"_links":{"self":[{"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/posts\/1586","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/comments?post=1586"}],"version-history":[{"count":1,"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/posts\/1586\/revisions"}],"predecessor-version":[{"id":1587,"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/posts\/1586\/revisions\/1587"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/media\/1588"}],"wp:attachment":[{"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/media?parent=1586"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/categories?po
st=1586"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/tags?post=1586"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}