Security - Thomas Vitale | Software Engineer, Spring & Java EE, App Security

Keycloak Authentication Flows, SSO Protocols and Client Configuration

In this article, I'm going to introduce the concept of authentication flows. Then, I'll briefly mention the two protocols Keycloak can use to provide its services: OpenID Connect (on top of OAuth 2.0) and SAML. Finally, I'll show you how to configure Keycloak clients.

Security

Access Control: Identification, Authentication, and Authorization

Unauthorized access to data and resources is one of the most significant and dangerous risks of the digital world. The OWASP Foundation, in their project about the Top 10 Application Security Risks - 2017, placed “Broken Authentication” as second, “Broken Access Control” as fifth.

Keycloak

Securing a Spring Boot Application with Keycloak - A First Look

In this article, we're going to learn how to: set up a Spring Boot application for a public library, define the application resources, add access policies based on user roles. We're going to use OAuth 2.0 and OpenID Connect, specifically the standard Authorization Code Flow.

Keycloak

Keycloak Basic Configuration for Authentication and Authorization

Managing authentication and authorization is an essential task in every good-designed web application or service. Keycloak makes it very easy and practical, letting us focus on the application business logic rather than on the implementation of security features.

Keycloak

Introducing Keycloak for Identity and Access Management

This article is the first of a series where I'd like to introduce Keycloak as a solution to manage authentication and authorization, how to install it and which are the fundamental concepts and configurations.

Spring

How to enable HTTPS in a Spring Boot Java application

Setting up HTTPS for Spring Boot requires two steps: getting an SSL certificate and configuring SSL in Spring Boot. Whether you're going to generate a self-signed certificate or you have already got one by a CA, I'll show you how to enable HTTPS in a Spring Boot application.