Great start to the series! For those wondering Keycloak is pretty widely used in government agencies for example CERN (nuclear research) and bunch of companies too.
It's such a lovely thing to own your user profiles, being able to create tokens for any user or impersonate users opens many doors that cloud solutions keep closed.
Finally!!! I waited for it, thank you very much! I'm really looking forward to the continuation, especially how to customize the user registration process by adding event publishing and setting user role by some user inputs
Great and informative as always Milan. Im exploring this atm and this seems to be a good alternative to spinning up my own identity server. And the best thing about this is that I can self host this.
I really want to start using Keycloak. But is it possible to style the login, register etc. Or must I create custom screens that call the keycloak api? And if so is this a good idea?
@@MilanJovanovicTechNo, it wouldn't -- had my predecessors avoided implementing wacky customizations to identityserver4, which needed to be ported to Duende in order to limit risk as idsvr4 and Duende have official version upgrade docs. But you're 100% right. A typical (and more secure) system using KeyCloak can be used, deployed, managed, etc. without ever needing to see a single line of Java.
Nice informative video. Eagerly waiting for the series. I assume it will cover common scenarios for microservices like service to service communication with valid resource scopes and way to manage them. Appreciate your efforts !!!!
What would you personally recommend for identity for an enterprise level application out of Keycloak, auth0, azure ad, aws cognito or creating a custom JWT based solution
Not directly. One approach I can think of is creating a dedicated (confidential) client for each user, and they'd be able to exchange it for an access token
Maybe creating a new Authenticator and adding the record to the db directly is the only elegant way. I need to dig a bit into the keycloak interfaces I think it should be possible, but it’s a major effort
What if you store users and hashed passwords elsewhere? We're looking for alternatives to IDP but we need to be able to manage users outside of the service. KeyCloak like it has a lot of user management built in. I guess that if you want to customize you need to write Java...
Thanks for this serie bro !! Was starting to check Ory ecosystem, I like the ideia of ory oathkeeper for centralized authorization server, so we can achieve the same here with Authorization Services Keycloak ? Like a reverse proxy for authorization. Also does anyone use ory? I started to check it, but did not do a real comparison between Ory and Keaclock (I need a service to deploy on my infra and that supports AD/LDAP federation)
please if you make such videos also explain how does keycloak make money from using it as identity provider. Real developers would use Keycloak Provider in real world scenarios.
Want to master Clean Architecture? Go here: bit.ly/3PupkOJ
Want to unlock Modular Monoliths? Go here: bit.ly/3SXlzSt
Great start to the series! For those wondering Keycloak is pretty widely used in government agencies for example CERN (nuclear research) and bunch of companies too.
I wasn't aware of that, but that's great to know 😁
It's such a lovely thing to own your user profiles, being able to create tokens for any user or impersonate users opens many doors that cloud solutions keep closed.
A user impersonation video might be interesting, thanks for the idea
Finally!!! I waited for it, thank you very much! I'm really looking forward to the continuation, especially how to customize the user registration process by adding event publishing and setting user role by some user inputs
You're welcome 😊 I'm still planning what to cover next, so thanks for some ideas.
@@MilanJovanovicTechhow to setup different user access/role , has different menu? Then different access control even in same page.
Great and informative as always Milan. Im exploring this atm and this seems to be a good alternative to spinning up my own identity server. And the best thing about this is that I can self host this.
Releasing another video soon for the .NET auth integration
Already using it in my projects with .NET 8.
Great product!
It's nice
Great video! Looking forward to more videos on Keycloak.
Coming soon!
i need to check this out... looking awesome
It's pretty cool. Easy to setup. You can connect it to an existing DB like Postgres, etc.
Nice one Milan. Eagerly waiting for the next video of this series.
Thanks a ton
This was what I needed. I just setup identity server on a new project. But if this is better for me then I will redo it with keycloak 😊
Awesome, glad I could help! :)
Awesome video! Hopefully we get a continuation video soon :)
Very soon!
The number of times you drop a video on a topic I'm looking at is uncanny.
That's a good sign 😁
Great video! Can't wait for more Keycloak related videos ;)
More to come!
Excellent tutorial!
Thank you!
I'm your Russian fan. you make the best content. Люблю тебя ❤
Большой привет из Сербии! :)
@@MilanJovanovicTech Ахахахахаха знаешь русский) Когда видео на русском ? :)
Very well explained!
Thanks a lot! :)
part -2 is awaited
Next week :)
Thanks for the that nice intro. Waiting for the next part.
Coming soon!
I really want to start using Keycloak. But is it possible to style the login, register etc. Or must I create custom screens that call the keycloak api? And if so is this a good idea?
My employer is allergic to Java so we're stuck with Duende, but I really like how keycloak offers a UI right off the bat
If you treat it like a "black box", does it matter? 🤔
@@MilanJovanovicTechNo, it wouldn't -- had my predecessors avoided implementing wacky customizations to identityserver4, which needed to be ported to Duende in order to limit risk as idsvr4 and Duende have official version upgrade docs. But you're 100% right. A typical (and more secure) system using KeyCloak can be used, deployed, managed, etc. without ever needing to see a single line of Java.
Nice informative video. Eagerly waiting for the series. I assume it will cover common scenarios for microservices like service to service communication with valid resource scopes and way to manage them.
Appreciate your efforts !!!!
I might introduce it into a microservices scenario at some point, for now I want to focus on integrating it with a .NET app
Great video Milan. Would love to see the backend configuration for this on a NET Core Web API!
Working on that video tomorrow, and posting in a week or two!
Can you explain the framework of ABP, and explain the advantages and disadvantages?
Will consider
Nice! I just find it their documentation very confusing when running a production ready docker container =/
You and me both!
@MilanJovanovicTech
how we can achive if we have two realm and single api for auth ?
Say each relam for each tenant ? Is it even possible ?
@@sreerajpsin Yes, you would define separate authentication schemes. This is actually a great idea for a video.
@@MilanJovanovicTech waiting
Great stuff. How about Part 2 on deploying to a cloud server with Nginx reverse proxy and SSL to support all our apps?
That might be part 3, since I already recorded part 2
@@MilanJovanovicTech Ha, nice! I went to your channel for part 2. Not uploaded yet?
We use keycloak too in our project
Nice!
Can you tell me that when i click on Sign in button at 7:40 then new page open as "Unable to connect"
Most likely the redirect URIs aren't properly set (on the client)
and how do you integrate it with the authorization?
Coming in another video!
What would you personally recommend for identity for an enterprise level application out of Keycloak, auth0, azure ad, aws cognito or creating a custom JWT based solution
Pick any of those (Keycloak, auth0, azure ad, aws cognito), but I wouldn't recommend rolling your own
Does it support api key authentication? Meaning users can create api keys for programmatic usage of API resources protected under keycloak
Not directly. One approach I can think of is creating a dedicated (confidential) client for each user, and they'd be able to exchange it for an access token
Maybe creating a new Authenticator and adding the record to the db directly is the only elegant way. I need to dig a bit into the keycloak interfaces I think it should be possible, but it’s a major effort
Wait... security responsibility on a opensource tool?
Yes
And why not?
Wow I need this for a proyect I’m in. Any idea of a course I could watch??
I'm not aware of one 🤷♂️
waiting for the next keyclock video
Recorded, comes out in a few weeks :)
@@MilanJovanovicTech thanks for your great effort
What if you store users and hashed passwords elsewhere? We're looking for alternatives to IDP but we need to be able to manage users outside of the service. KeyCloak like it has a lot of user management built in. I guess that if you want to customize you need to write Java...
There's a simple REST API for managing users in Keycloak. Might be all you need?
If you can show how to enable user registration then it will be great 😃
Will do, thanks for bringing that up!
Is it better than Authentic?
Never heard of Authentik, looks like a very similar product based on their website.
Is possible to implement multi tenant with keycloak?
Yes
Thanks for this serie bro !! Was starting to check Ory ecosystem, I like the ideia of ory oathkeeper for centralized authorization server, so we can achieve the same here with Authorization Services Keycloak ? Like a reverse proxy for authorization.
Also does anyone use ory? I started to check it, but did not do a real comparison between Ory and Keaclock (I need a service to deploy on my infra and that supports AD/LDAP federation)
I never heard of Ory 🤷♂️
damn...I wish I'd seen this video 1 year ago. Regretting my cloud provider choice.
I wish I'd released it a year ago then 😅
It's a bummer that IdentityServer is now a commercial product :(. Keycloak is great, but it's Java
So what if it's Java?
Hey Milan, Nice video...I wanted to ask how can i programmatically signup and login from a web application using KeyCloak's API?
You can use the Keycloak REST API to get a password (Password flow), and same for registering. I'll do a video about it.
@@MilanJovanovicTech Thanks! That will be awesome
please if you make such videos also explain how does keycloak make money from using it as identity provider. Real developers would use Keycloak Provider in real world scenarios.
How it makes money? It doesn't.
@@MilanJovanovicTechso the possibility of keyclock getting deprecated?
@@aakashpoojary3968 No not really, it's in government use + Linux Foundation + Red Hat (Red Hat Single Sign-On is based on KeyCloak).