Securing your Spring Applications with Keycloak

Thomas Darimont - codecentric AG

Explore the integration of Keycloak, a comprehensive open-source identity and access management tool, with Spring applications in our focused one-day workshop. Ideal for securing diverse Spring architectures, including REST APIs, server-side applications, and IoT devices, Keycloak offers robust OAuth and OpenID Connect implementations. In this immersive session, you’ll gain hands-on experience employing Keycloak for authentication and single sign-on capabilities. Learn to augment OAuth tokens with custom data and effectively manage access control within your Spring applications. Our agenda includes:

1. A thorough introduction to Keycloak.
2. Practical exercises on OAuth and OpenID Connect.
3. Insights into securing various Spring application models.

Additionally, you’ll delve into Keycloak customization and extension development, equipping you with skills to tailor Keycloak to your specific requirements.

Workshop Highlights:

1. Keycloak: Introduction and Comprehensive Overview
2. Practical Implementation of OAuth and OpenID Connect
   1. Core Concepts and Terms
   2. Overview of OAuth 2.1
   3. Authorization Code Flow
   4. Client Credentials Grant Flow
   5. Device Flow
   6. Proof Key for Code Exchange
   7. Advanced OAuth Usage Patterns (PAR, RAR)
3. Keycloak in Spring Applications:
   1. Securing REST APIs
   2. Server-Side Web Applications
   3. Backend for Frontend (BFF) Patterns
   4. IoT Device Integration
4. Customising and Extending Keycloak: Basics and Advanced Techniques
   1. Theming Basics
   2. Authenticators and Auth Flows
   3. Protocol Mappers
   4. Event Listeners

Outcome:

Participants will leave with a solid foundation in Keycloak, equipped to implement advanced security measures in various Spring application types, and the know-how to customize and extend Keycloak functionalities to meet unique project needs.