As usual when observer some tools you can also provide few referecne to alternatives at the end. PS i remebr that keycloak have some limitations where you need to code own interceptor/provider
Great start to the series! For those wondering Keycloak is pretty widely used in government agencies for example CERN (nuclear research) and bunch of companies too.
It's such a lovely thing to own your user profiles, being able to create tokens for any user or impersonate users opens many doors that cloud solutions keep closed.
Finally!!! I waited for it, thank you very much! I'm really looking forward to the continuation, especially how to customize the user registration process by adding event publishing and setting user role by some user inputs
Great and informative as always Milan. Im exploring this atm and this seems to be a good alternative to spinning up my own identity server. And the best thing about this is that I can self host this.
Nice informative video. Eagerly waiting for the series. I assume it will cover common scenarios for microservices like service to service communication with valid resource scopes and way to manage them. Appreciate your efforts !!!!
It seems like an excellent free source to add an extra layer of security on top of your API, and the only downsides would be: 1 - You will need to pay to host an extra service (API + database + Keycloak), which is not a problem if you consider that paying for an auth service would be more expensive (Microsoft Entra ID, Firebase, etc.). 2 - You will likely experience some latency between your requests, as you will need to check the metadata on your Keycloak server every time. This might not be a significant issue, and you could also implement caching to mitigate this. Overall, it seems like a very good tool for developing personal projects. Thank you very much for this video.
1 - You can use the existing app database (if you have one) with a dedicated schema 2 - The server can cache the Keycloak metadata (which it does by default) to reduce # of round trips
Thanks for this. Which keycloak version you used for this video, please let me know. Also, do you have any other document or resource to use google credentials via keycloak for login linux servers using ssh through PAM.
@@MilanJovanovicTechNo, it wouldn't -- had my predecessors avoided implementing wacky customizations to identityserver4, which needed to be ported to Duende in order to limit risk as idsvr4 and Duende have official version upgrade docs. But you're 100% right. A typical (and more secure) system using KeyCloak can be used, deployed, managed, etc. without ever needing to see a single line of Java.
What would you personally recommend for identity for an enterprise level application out of Keycloak, auth0, azure ad, aws cognito or creating a custom JWT based solution
Hi Milan.... I also wanted use Keycloak but my use case is different. I have existing identity server and wanted to connect with Keycloak. so I can use keycloak only for authorization. how we can connect with external identity provider and ho to use user federation.
Hey Milan, appreciate the great video. For some reason when i run the test on the KC test page, I get a "localhost" refused to connect" error. I followed all your steps in the video except my for my own local domain name
I really want to start using Keycloak. But is it possible to style the login, register etc. Or must I create custom screens that call the keycloak api? And if so is this a good idea?
Not directly. One approach I can think of is creating a dedicated (confidential) client for each user, and they'd be able to exchange it for an access token
Maybe creating a new Authenticator and adding the record to the db directly is the only elegant way. I need to dig a bit into the keycloak interfaces I think it should be possible, but it’s a major effort
Hi Milan, I'm trying to configure keycloak to run directly on the host machine with nginx and Cloudflare. Do you have any tips? I've been trying to get this working for days with no success.
What if you store users and hashed passwords elsewhere? We're looking for alternatives to IDP but we need to be able to manage users outside of the service. KeyCloak like it has a lot of user management built in. I guess that if you want to customize you need to write Java...
Doesn't the keycloak documentation SPECIFICALLY state NOT to use dev mode in production? Also how do you run it with a more permanent setup in docker-compose?
Thanks for this serie bro !! Was starting to check Ory ecosystem, I like the ideia of ory oathkeeper for centralized authorization server, so we can achieve the same here with Authorization Services Keycloak ? Like a reverse proxy for authorization. Also does anyone use ory? I started to check it, but did not do a real comparison between Ory and Keaclock (I need a service to deploy on my infra and that supports AD/LDAP federation)
please if you make such videos also explain how does keycloak make money from using it as identity provider. Real developers would use Keycloak Provider in real world scenarios.
Want to master Clean Architecture? Go here: bit.ly/3PupkOJ
Want to unlock Modular Monoliths? Go here: bit.ly/3SXlzSt
As usual when observer some tools you can also provide few referecne to alternatives at the end. PS i remebr that keycloak have some limitations where you need to code own interceptor/provider
Great start to the series! For those wondering Keycloak is pretty widely used in government agencies for example CERN (nuclear research) and bunch of companies too.
I wasn't aware of that, but that's great to know 😁
It's such a lovely thing to own your user profiles, being able to create tokens for any user or impersonate users opens many doors that cloud solutions keep closed.
A user impersonation video might be interesting, thanks for the idea
Finally!!! I waited for it, thank you very much! I'm really looking forward to the continuation, especially how to customize the user registration process by adding event publishing and setting user role by some user inputs
You're welcome 😊 I'm still planning what to cover next, so thanks for some ideas.
@@MilanJovanovicTechhow to setup different user access/role , has different menu? Then different access control even in same page.
Already using it in my projects with .NET 8.
Great product!
It's nice
Is it possible to connect to this via postgres?
Help me!
Great and informative as always Milan. Im exploring this atm and this seems to be a good alternative to spinning up my own identity server. And the best thing about this is that I can self host this.
Releasing another video soon for the .NET auth integration
Nice one Milan. Eagerly waiting for the next video of this series.
Thanks a ton
Awesome video! Hopefully we get a continuation video soon :)
Very soon!
Great video! Can't wait for more Keycloak related videos ;)
More to come!
Great video! I needed a quick introduction to Keycloak, thank you :)
Glad it helped!
This was what I needed. I just setup identity server on a new project. But if this is better for me then I will redo it with keycloak 😊
Awesome, glad I could help! :)
i need to check this out... looking awesome
It's pretty cool. Easy to setup. You can connect it to an existing DB like Postgres, etc.
I'm your Russian fan. you make the best content. Люблю тебя ❤
Большой привет из Сербии! :)
@@MilanJovanovicTech Ахахахахаха знаешь русский) Когда видео на русском ? :)
Thanks for that nice intro. Waiting for the next part.
Coming soon!
The number of times you drop a video on a topic I'm looking at is uncanny.
That's a good sign 😁
Nice informative video. Eagerly waiting for the series. I assume it will cover common scenarios for microservices like service to service communication with valid resource scopes and way to manage them.
Appreciate your efforts !!!!
I might introduce it into a microservices scenario at some point, for now I want to focus on integrating it with a .NET app
Excellent tutorial!
Thank you!
Very well explained!
Thanks a lot! :)
It seems like an excellent free source to add an extra layer of security on top of your API, and the only downsides would be:
1 - You will need to pay to host an extra service (API + database + Keycloak), which is not a problem if you consider that paying for an auth service would be more expensive (Microsoft Entra ID, Firebase, etc.).
2 - You will likely experience some latency between your requests, as you will need to check the metadata on your Keycloak server every time. This might not be a significant issue, and you could also implement caching to mitigate this.
Overall, it seems like a very good tool for developing personal projects. Thank you very much for this video.
1 - You can use the existing app database (if you have one) with a dedicated schema
2 - The server can cache the Keycloak metadata (which it does by default) to reduce # of round trips
Great video! Looking forward to more videos on Keycloak.
Coming soon!
Wasn't aware of Keycloak . I mostly used okta . Good to know
This is like a free version where you manage everything
very well explained.....Thank you 😊
Most welcome 😊
Great video Milan. Would love to see the backend configuration for this on a NET Core Web API!
Working on that video tomorrow, and posting in a week or two!
Good information. Thanks for this 🙏 🙌 👍 👏😊
Sure thing!
Thanks for this. Which keycloak version you used for this video, please let me know.
Also, do you have any other document or resource to use google credentials via keycloak for login linux servers using ssh through PAM.
I'm not sure, it could be 24/25/26 something like that
Thanks, good quality video
You're welcome
My employer is allergic to Java so we're stuck with Duende, but I really like how keycloak offers a UI right off the bat
If you treat it like a "black box", does it matter? 🤔
@@MilanJovanovicTechNo, it wouldn't -- had my predecessors avoided implementing wacky customizations to identityserver4, which needed to be ported to Duende in order to limit risk as idsvr4 and Duende have official version upgrade docs. But you're 100% right. A typical (and more secure) system using KeyCloak can be used, deployed, managed, etc. without ever needing to see a single line of Java.
Nice! I just find it their documentation very confusing when running a production ready docker container =/
You and me both!
Great video!
Thanks!
Can you explain the framework of ABP, and explain the advantages and disadvantages?
Will consider
What would you personally recommend for identity for an enterprise level application out of Keycloak, auth0, azure ad, aws cognito or creating a custom JWT based solution
Pick any of those (Keycloak, auth0, azure ad, aws cognito), but I wouldn't recommend rolling your own
So the docker image that is running now in local, will have to be hosted on a server like EC2 and then we can use it in Live application?
Yes
@MilanJovanovicTech thanks.
@MilanJovanovicTech
how we can achive if we have two realm and single api for auth ?
Say each relam for each tenant ? Is it even possible ?
@@sreerajpsin Yes, you would define separate authentication schemes. This is actually a great idea for a video.
@@MilanJovanovicTech waiting
Hi Milan....
I also wanted use Keycloak but my use case is different. I have existing identity server and wanted to connect with Keycloak. so I can use keycloak only for authorization.
how we can connect with external identity provider and ho to use user federation.
I don't know if that's possible.
Can you tell me that when i click on Sign in button at 7:40 then new page open as "Unable to connect"
Most likely the redirect URIs aren't properly set (on the client)
We are sorry...
Page not found is the error.
what do i do now???
???
@@MilanJovanovicTech when try to access auth admin page as need to create realm, client and user.
Hey Milan, appreciate the great video.
For some reason when i run the test on the KC test page, I get a "localhost" refused to connect" error.
I followed all your steps in the video except my for my own local domain name
What am I doing wrong?
I have no idea, mate :)
Hi Milan, at 10:32 you had an error in postman, I have the same error, what could it be?
Email typo 😂
@@MilanJovanovicTech Yeah, I think mine was typo on redirect
I really want to start using Keycloak. But is it possible to style the login, register etc. Or must I create custom screens that call the keycloak api? And if so is this a good idea?
Yes, but you need a UI dev to do it
hows does docker perform on windows. i'm assuming thats where it was installed in this tutorial?
Yes. Docker Deskopt running in WSL (Linux)
and how do you integrate it with the authorization?
Coming in another video!
Wow I need this for a proyect I’m in. Any idea of a course I could watch??
I'm not aware of one 🤷♂️
Does it support api key authentication? Meaning users can create api keys for programmatic usage of API resources protected under keycloak
Not directly. One approach I can think of is creating a dedicated (confidential) client for each user, and they'd be able to exchange it for an access token
Maybe creating a new Authenticator and adding the record to the db directly is the only elegant way. I need to dig a bit into the keycloak interfaces I think it should be possible, but it’s a major effort
Hi Milan,
I'm trying to configure keycloak to run directly on the host machine with nginx and Cloudflare. Do you have any tips? I've been trying to get this working for days with no success.
My best tip is to keep trying. 😅 You're probably missing some ENV vars that makes this work behind a reverse proxy.
Is there a way to put role attributes in jwt? I am currently doing this with java spring.
Roles from Keycloak directly?
@@MilanJovanovicTech yes there is role information in jwt but i can't get the attributes of the roles is there a way to get this
What if you store users and hashed passwords elsewhere? We're looking for alternatives to IDP but we need to be able to manage users outside of the service. KeyCloak like it has a lot of user management built in. I guess that if you want to customize you need to write Java...
There's a simple REST API for managing users in Keycloak. Might be all you need?
part -2 is awaited
Next week :)
Wait... security responsibility on a opensource tool?
Yes
And why not?
Doesn't the keycloak documentation SPECIFICALLY state NOT to use dev mode in production? Also how do you run it with a more permanent setup in docker-compose?
We aren't running this in production
Sir, have u ever faced that page keep refreshing after login? Could you please help me.. first login works normally , but not after all..
No, haven't seen that one
Hey Milan, Nice video...I wanted to ask how can i programmatically signup and login from a web application using KeyCloak's API?
You can use the Keycloak REST API to get a password (Password flow), and same for registering. I'll do a video about it.
@@MilanJovanovicTech Thanks! That will be awesome
We use keycloak too in our project
Nice!
Can this be used with a VR application?
No idea, I never built one
Great stuff. How about Part 2 on deploying to a cloud server with Nginx reverse proxy and SSL to support all our apps?
That might be part 3, since I already recorded part 2
@@MilanJovanovicTech Ha, nice! I went to your channel for part 2. Not uploaded yet?
Is possible to implement multi tenant with keycloak?
Yes
can you forward me the github or any repo link spring boot microservices which has complete keycloak into???
No idea for spring boot
If you can show how to enable user registration then it will be great 😃
Will do, thanks for bringing that up!
Are you from Slovakia?
Serbia
waiting for the next keyclock video
Recorded, comes out in a few weeks :)
@@MilanJovanovicTech thanks for your great effort
Thanks for this serie bro !! Was starting to check Ory ecosystem, I like the ideia of ory oathkeeper for centralized authorization server, so we can achieve the same here with Authorization Services Keycloak ? Like a reverse proxy for authorization.
Also does anyone use ory? I started to check it, but did not do a real comparison between Ory and Keaclock (I need a service to deploy on my infra and that supports AD/LDAP federation)
I never heard of Ory 🤷♂️
damn...I wish I'd seen this video 1 year ago. Regretting my cloud provider choice.
I wish I'd released it a year ago then 😅
It's a bummer that IdentityServer is now a commercial product :(. Keycloak is great, but it's Java
So what if it's Java?
to brate srbija!
Samo jako 💪
please if you make such videos also explain how does keycloak make money from using it as identity provider. Real developers would use Keycloak Provider in real world scenarios.
How it makes money? It doesn't.
@@MilanJovanovicTechso the possibility of keyclock getting deprecated?
@@aakashpoojary3968 No not really, it's in government use + Linux Foundation + Red Hat (Red Hat Single Sign-On is based on KeyCloak).