Keycloak Powered by GlobalSolutions
Keycloak
Powered by GS
Keycloak is an open-source Java-based Identity and Access Management (IAM) tool that allows users to sign in once and access multiple applications without re-entering their credentials. Keycloak works by storing and managing user information, permissions, and other configuration data. It also supports a range of authentication protocols, including OpenID Connect, SAML, and OAuth2.
Keycloak is a separate server that is managed on a network, and applications are configured to point to and be secured by this server. When a user tries to access a browser application, they are redirected from the application to the Keycloak authentication server where they can enter their credentials. This redirection isolates the user from the application, so the application never sees the user's credentials. Instead, the application is given a cryptographically signed identity token or assertion.
Keycloak can be integrated with common Identity providers like Google, Microsoft, and more.
We have ensured the image is hardened to be secured from all existing vulnerabilities.
Why Subscribe to our offering in AWS Marketplace
- We update the software constantly to the latest version to address security issues.
- Customers can kick-start their core work right away with our pre-packaged AMIs.
- Production-ready application stacks.
How to Access our AMIs from AWS Marketplace
- Subscribe to our AMI from AWS Marketplace.
- Login to the server following the below steps,
- ssh to the box using the following command, ssh -i yourpemfile.pem ubuntu@public IP of your server
- Once you are logged in you will land in the home directory
Installation Locations
| Category |
Packages |
Version Used |
Location |
| Java |
Java |
17 |
/usr/bin/java |
| Application server |
Keycloak |
23.0.0 |
/home/ubuntu/keycloak-23.0.0 |
Getting Started -
As mentioned above we have packaged Keycloak as a system service so it comes up when the server comes up. We have started the Keycloak in dev mode and this is required to start the application in HTTP mode. We have opened port 8080, please use your ec2 instance public IP to browse to Keycloak application using port 8080 (example - http://2.34.56.564, sample IP please not's use this IP as it will not work). This will take you to the Keycloak admin console. Log in to the Keycloak admin console using the username as 'admin' and password as 'admin'.
Once you login to the Keycloak the first step is to create a realm. Once you create a realm you will create a 'Client' and this is where you will integrate all the Identity providers like Google, Microsoft & more.
In the context of Keycloak, a realm is a space where you manage a set of users, roles, and groups. It’s essentially a container for user authentication and authorization settings
- Open the Keycloak Admin Console.
- Open the navigation bar in the top-left corner and click the word master then click Create Realm.
- Enter <realm name> in the Realm name field. In our sample, we have created a 'Test' and 'dev' sample realms.
Integrating the Application
Once you create a realm the next step is to configure the application that you want to get authenticated through Keycloak. To create a client get into the realm that you created in the above step and navigate to the client option on the left menu. Here you will create the client where you will tie up your application. There is a sample app provided by Keycloak. The sample app can be accessed from. https://www.keycloak.org/app/ . Use the client ID in this sample app provided by Keycloak to add it to the client ID field while creating the client. Once this client is created you have integrated the application with the Keycloak
Adding Identity Providers
After integrating the application the next step is to add the Identity providers, in this document, we will cover the steps for adding Google as the Identity provider.
- Got to Google Dev Console and create a project.
- Go into the project, navigate to the OAuth console page, and provide the necessary information as below.
- Once the OAuth consent is provided create the credentials, in this page select OAuth client ID, Web application.
- Add the redirect URI from the Keycloak Google identity provider and add it here.
- Finally, you will get the clientID and secret which you provide on the Keycloak identity page.
- Once these steps are done your application is now authenticated through Keycloak.
We specialize in this integration, we can also run this as a service if you feel it is difficult to integrate. Please reach out to our support organization if you need any help.
Our other offerings that have a huge demand from our customer base is the AWS Cost Optimizer aka CloudInsider
We offer a Cost Optimizer SAAS service aka CloudInsider in AWS Marketplace. This offering has helped our customers save a ton of money on the AWS and other Cloud spends. It is easy to subscribe and you can see the savings in minutes. You can get a quick demo of the product from the below video and subscribe to the product from the below AWS Marketplace link.
Demo video of the AWS Cost Optimizer
Subscribe to our AWS Cost Optimizer
Support
Please contact us at support@theglobalsolutions.net for any questions on this offering in AWS Marketplace.
>
The Global Solutions
