Authentication and authorization with KeyCloak. This contains both, theory parts on all important concepts, and hands-on practice labs.
Table of Contents (Tu Update)
To follow the hands-on workshop please open the workshop tutorial.
To check system requirements and setup for this workshop please follow the setup guide.
- Lab: Authorization Grant Flows in Action
- Demo: Authorization Code Grant Flow in Action
- Demo: A pre-defined OAuth2 client for GitHub
For the hands-on workshop you will extend a provided sample application along with guided tutorials.
The components you will build (and use) look like this:
Please check out the complete documentation for the sample application before starting with the first hands-on lab.
- Lab 1: OAuth2/OIDC Resource Server
- Lab 2: OAuth2/OIDC Web Client (Auth Code Flow)
- Lab 3: OAuth2/OIDC Batch Job Client (Client-Credentials Flow)
- Lab 4: OAuth2/OIDC Testing Environment
- Lab 5: JWT Testing Server
- Lab 6: OAuth2/OIDC Angular Client
- Lab 7: SpringBoot REST Service Protected Using Keycloak Authorization Services
- Lab 8: Spring Security Application using Authorization Services
- Lab 9: SpringBoot REST Service Protected Using Keycloak Authorization Services (Javascript Policies)
- Lab 10: User-Managed Access (UMA 2.0)
- Lab 19 : Simple Risk-Based Authenticator
- Lab 20 : Custom protocol token mapper
- Lab 21 : Custom Keycloak Required Action
- Lab 22 : Custom Event Listener
- Lab 23 : Custom REST resource/endpoint
- Lab 24 : Creating and deploying a new theme
- Multi-Tenant Resource Server
- OAuth2/OIDC Resource Server with Micronaut
- OAuth2/OIDC Resource Server with Quarkus
- Keycloak Testcontainers
- Keycloak Gatekeeper
This workshop is based on the following resources :
- Keycloak Quickstarts Examples
- Securing Microservices with OpenID Connect and Spring Security 5.1 @ Spring I/O 2019 by @andifalk.
- Keycloak/Authorization SpringBoot Example - devconf 2019 by @mposolda
Any feedback on this hands-on workshop is highly appreciated.
Apache 2.0 licensed