As usual when observer some tools you can also provide few referecne to alternatives at the end. PS i remebr that keycloak have some limitations where you need to code own interceptor/provider
Great start to the series! For those wondering Keycloak is pretty widely used in government agencies for example CERN (nuclear research) and bunch of companies too.
It's such a lovely thing to own your user profiles, being able to create tokens for any user or impersonate users opens many doors that cloud solutions keep closed.
Finally!!! I waited for it, thank you very much! I'm really looking forward to the continuation, especially how to customize the user registration process by adding event publishing and setting user role by some user inputs
Great and informative as always Milan. Im exploring this atm and this seems to be a good alternative to spinning up my own identity server. And the best thing about this is that I can self host this.
Nice informative video. Eagerly waiting for the series. I assume it will cover common scenarios for microservices like service to service communication with valid resource scopes and way to manage them. Appreciate your efforts !!!!
@@MilanJovanovicTechNo, it wouldn't -- had my predecessors avoided implementing wacky customizations to identityserver4, which needed to be ported to Duende in order to limit risk as idsvr4 and Duende have official version upgrade docs. But you're 100% right. A typical (and more secure) system using KeyCloak can be used, deployed, managed, etc. without ever needing to see a single line of Java.
Hey Milan, appreciate the great video. For some reason when i run the test on the KC test page, I get a "localhost" refused to connect" error. I followed all your steps in the video except my for my own local domain name
Hi Milan, I'm trying to configure keycloak to run directly on the host machine with nginx and Cloudflare. Do you have any tips? I've been trying to get this working for days with no success.
Doesn't the keycloak documentation SPECIFICALLY state NOT to use dev mode in production? Also how do you run it with a more permanent setup in docker-compose?
What would you personally recommend for identity for an enterprise level application out of Keycloak, auth0, azure ad, aws cognito or creating a custom JWT based solution
I really want to start using Keycloak. But is it possible to style the login, register etc. Or must I create custom screens that call the keycloak api? And if so is this a good idea?
What if you store users and hashed passwords elsewhere? We're looking for alternatives to IDP but we need to be able to manage users outside of the service. KeyCloak like it has a lot of user management built in. I guess that if you want to customize you need to write Java...
Not directly. One approach I can think of is creating a dedicated (confidential) client for each user, and they'd be able to exchange it for an access token
Maybe creating a new Authenticator and adding the record to the db directly is the only elegant way. I need to dig a bit into the keycloak interfaces I think it should be possible, but it’s a major effort
Thanks for this serie bro !! Was starting to check Ory ecosystem, I like the ideia of ory oathkeeper for centralized authorization server, so we can achieve the same here with Authorization Services Keycloak ? Like a reverse proxy for authorization. Also does anyone use ory? I started to check it, but did not do a real comparison between Ory and Keaclock (I need a service to deploy on my infra and that supports AD/LDAP federation)
please if you make such videos also explain how does keycloak make money from using it as identity provider. Real developers would use Keycloak Provider in real world scenarios.
Want to master Clean Architecture? Go here: bit.ly/3PupkOJ
Want to unlock Modular Monoliths? Go here: bit.ly/3SXlzSt
As usual when observer some tools you can also provide few referecne to alternatives at the end. PS i remebr that keycloak have some limitations where you need to code own interceptor/provider
Great start to the series! For those wondering Keycloak is pretty widely used in government agencies for example CERN (nuclear research) and bunch of companies too.
I wasn't aware of that, but that's great to know 😁
It's such a lovely thing to own your user profiles, being able to create tokens for any user or impersonate users opens many doors that cloud solutions keep closed.
A user impersonation video might be interesting, thanks for the idea
Finally!!! I waited for it, thank you very much! I'm really looking forward to the continuation, especially how to customize the user registration process by adding event publishing and setting user role by some user inputs
You're welcome 😊 I'm still planning what to cover next, so thanks for some ideas.
@@MilanJovanovicTechhow to setup different user access/role , has different menu? Then different access control even in same page.
Already using it in my projects with .NET 8.
Great product!
It's nice
Is it possible to connect to this via postgres?
Help me!
Great and informative as always Milan. Im exploring this atm and this seems to be a good alternative to spinning up my own identity server. And the best thing about this is that I can self host this.
Releasing another video soon for the .NET auth integration
Nice one Milan. Eagerly waiting for the next video of this series.
Thanks a ton
Great video! I needed a quick introduction to Keycloak, thank you :)
Glad it helped!
I'm your Russian fan. you make the best content. Люблю тебя ❤
Большой привет из Сербии! :)
@@MilanJovanovicTech Ахахахахаха знаешь русский) Когда видео на русском ? :)
Awesome video! Hopefully we get a continuation video soon :)
Very soon!
Nice informative video. Eagerly waiting for the series. I assume it will cover common scenarios for microservices like service to service communication with valid resource scopes and way to manage them.
Appreciate your efforts !!!!
I might introduce it into a microservices scenario at some point, for now I want to focus on integrating it with a .NET app
Great video! Looking forward to more videos on Keycloak.
Coming soon!
i need to check this out... looking awesome
It's pretty cool. Easy to setup. You can connect it to an existing DB like Postgres, etc.
This was what I needed. I just setup identity server on a new project. But if this is better for me then I will redo it with keycloak 😊
Awesome, glad I could help! :)
Great video! Can't wait for more Keycloak related videos ;)
More to come!
Good information. Thanks for this 🙏 🙌 👍 👏😊
Sure thing!
Thanks for that nice intro. Waiting for the next part.
Coming soon!
The number of times you drop a video on a topic I'm looking at is uncanny.
That's a good sign 😁
Very well explained!
Thanks a lot! :)
Wasn't aware of Keycloak . I mostly used okta . Good to know
This is like a free version where you manage everything
Excellent tutorial!
Thank you!
Thanks, good quality video
You're welcome
Nice! I just find it their documentation very confusing when running a production ready docker container =/
You and me both!
Hi Milan, at 10:32 you had an error in postman, I have the same error, what could it be?
Email typo 😂
@@MilanJovanovicTech Yeah, I think mine was typo on redirect
My employer is allergic to Java so we're stuck with Duende, but I really like how keycloak offers a UI right off the bat
If you treat it like a "black box", does it matter? 🤔
@@MilanJovanovicTechNo, it wouldn't -- had my predecessors avoided implementing wacky customizations to identityserver4, which needed to be ported to Duende in order to limit risk as idsvr4 and Duende have official version upgrade docs. But you're 100% right. A typical (and more secure) system using KeyCloak can be used, deployed, managed, etc. without ever needing to see a single line of Java.
Great video Milan. Would love to see the backend configuration for this on a NET Core Web API!
Working on that video tomorrow, and posting in a week or two!
Can you explain the framework of ABP, and explain the advantages and disadvantages?
Will consider
Can you tell me that when i click on Sign in button at 7:40 then new page open as "Unable to connect"
Most likely the redirect URIs aren't properly set (on the client)
very well explained.....Thank you 😊
Most welcome 😊
Great video!
Thanks!
Hey Milan, appreciate the great video.
For some reason when i run the test on the KC test page, I get a "localhost" refused to connect" error.
I followed all your steps in the video except my for my own local domain name
What am I doing wrong?
I have no idea, mate :)
@MilanJovanovicTech
how we can achive if we have two realm and single api for auth ?
Say each relam for each tenant ? Is it even possible ?
@@sreerajpsin Yes, you would define separate authentication schemes. This is actually a great idea for a video.
@@MilanJovanovicTech waiting
Hi Milan,
I'm trying to configure keycloak to run directly on the host machine with nginx and Cloudflare. Do you have any tips? I've been trying to get this working for days with no success.
My best tip is to keep trying. 😅 You're probably missing some ENV vars that makes this work behind a reverse proxy.
So the docker image that is running now in local, will have to be hosted on a server like EC2 and then we can use it in Live application?
Yes
@MilanJovanovicTech thanks.
Wow I need this for a proyect I’m in. Any idea of a course I could watch??
I'm not aware of one 🤷♂️
Doesn't the keycloak documentation SPECIFICALLY state NOT to use dev mode in production? Also how do you run it with a more permanent setup in docker-compose?
We aren't running this in production
Hey Milan, Nice video...I wanted to ask how can i programmatically signup and login from a web application using KeyCloak's API?
You can use the Keycloak REST API to get a password (Password flow), and same for registering. I'll do a video about it.
@@MilanJovanovicTech Thanks! That will be awesome
What would you personally recommend for identity for an enterprise level application out of Keycloak, auth0, azure ad, aws cognito or creating a custom JWT based solution
Pick any of those (Keycloak, auth0, azure ad, aws cognito), but I wouldn't recommend rolling your own
I really want to start using Keycloak. But is it possible to style the login, register etc. Or must I create custom screens that call the keycloak api? And if so is this a good idea?
Yes, but you need a UI dev to do it
Sir, have u ever faced that page keep refreshing after login? Could you please help me.. first login works normally , but not after all..
No, haven't seen that one
Is there a way to put role attributes in jwt? I am currently doing this with java spring.
Roles from Keycloak directly?
@@MilanJovanovicTech yes there is role information in jwt but i can't get the attributes of the roles is there a way to get this
What if you store users and hashed passwords elsewhere? We're looking for alternatives to IDP but we need to be able to manage users outside of the service. KeyCloak like it has a lot of user management built in. I guess that if you want to customize you need to write Java...
There's a simple REST API for managing users in Keycloak. Might be all you need?
hows does docker perform on windows. i'm assuming thats where it was installed in this tutorial?
Yes. Docker Deskopt running in WSL (Linux)
Does it support api key authentication? Meaning users can create api keys for programmatic usage of API resources protected under keycloak
Not directly. One approach I can think of is creating a dedicated (confidential) client for each user, and they'd be able to exchange it for an access token
Maybe creating a new Authenticator and adding the record to the db directly is the only elegant way. I need to dig a bit into the keycloak interfaces I think it should be possible, but it’s a major effort
Can this be used with a VR application?
No idea, I never built one
part -2 is awaited
Next week :)
Great stuff. How about Part 2 on deploying to a cloud server with Nginx reverse proxy and SSL to support all our apps?
That might be part 3, since I already recorded part 2
@@MilanJovanovicTech Ha, nice! I went to your channel for part 2. Not uploaded yet?
Wait... security responsibility on a opensource tool?
Yes
And why not?
and how do you integrate it with the authorization?
Coming in another video!
Are you from Slovakia?
Serbia
Is possible to implement multi tenant with keycloak?
Yes
We use keycloak too in our project
Nice!
If you can show how to enable user registration then it will be great 😃
Will do, thanks for bringing that up!
waiting for the next keyclock video
Recorded, comes out in a few weeks :)
@@MilanJovanovicTech thanks for your great effort
Thanks for this serie bro !! Was starting to check Ory ecosystem, I like the ideia of ory oathkeeper for centralized authorization server, so we can achieve the same here with Authorization Services Keycloak ? Like a reverse proxy for authorization.
Also does anyone use ory? I started to check it, but did not do a real comparison between Ory and Keaclock (I need a service to deploy on my infra and that supports AD/LDAP federation)
I never heard of Ory 🤷♂️
damn...I wish I'd seen this video 1 year ago. Regretting my cloud provider choice.
I wish I'd released it a year ago then 😅
It's a bummer that IdentityServer is now a commercial product :(. Keycloak is great, but it's Java
So what if it's Java?
to brate srbija!
Samo jako 💪
please if you make such videos also explain how does keycloak make money from using it as identity provider. Real developers would use Keycloak Provider in real world scenarios.
How it makes money? It doesn't.
@@MilanJovanovicTechso the possibility of keyclock getting deprecated?
@@aakashpoojary3968 No not really, it's in government use + Linux Foundation + Red Hat (Red Hat Single Sign-On is based on KeyCloak).