Keycloak as Fun
A conversation with Sebastien Blanc about Logo, oauth and Keycloak
1 Stunde 18 Minuten
Podcast
Podcaster
Java, Serverless, Clouds, Architecture and Web conversations with Adam Bien
Beschreibung
vor 6 Jahren
An airhacks.fm conversation with Sebastien Blanc (@sebi2706) about:
Thomson MO5, every school in France needs to have a computer,
printing the name with BASIC, the REM sadness, making yellow boxes,
programming Logo in French, writing "root" and "house" procedures,
no procedures in BASIC, the ACSLogo for Mac OS X, Berkeley Logo
(UCBLogo), the Amstrad PC1512, using AMOS programming language for
writing games, writing invoicing software with 14 and AMOS, Zak
McKracken and the Alien Mindbenders, Siemens Nixdorf PC, QuickBasic
on Siemens Nixdorf DX2-66, the Persistence of Vision Raytracer,
average calculation for school notes with QuickBasic, writing
ballistic games for TI BASIC (TI 99/4A), playing Nirvana on
e-guitar, starting with Java in 2002, the Rational Rose Logo
Edition, learning Java EE on JOnAS, Apache Tapestry, consulting
with Apache Jetspeed, writing Java EE code for 7 years, hardtimes
with WebSphere, Xerces and ClassLoading, refactorings to Maven,
mobile web / Grails involvements, starting at RedHat's mobile team
- AeroGear, Matthias Wessendorf, Matthias loves Java Server Faces
(JSF), the unified push server, starting keycloak involvement, the
security challenge, the keycloak religion, keycloak ships as
WildFly distribution, keycloak is a WildFly subsystem, keycloak
uses hibernate for persistence, keycloak manages users with
credentials, keycloak ships with ready to UI to manage users,
keycloak functionality is exposed as REST services, there is a Java
client available - as REST wrapper, keycloak is a "remote" proxy
realm, keycloak ships with adapters for major application servers
out-of-the-box, keycloak comes with SSO - different application
servers can share the same session, the security realm is a
"territory", in keycloak a session is optional -- a microservice
can use JWT token, using OIDC tokens, keycloak comes with servlet
filters for servers without adapter support, the new keycloak
approach is the Keycloak Gatekeeper, Keycloak Gatekeeper is a
sidecar service, apache mod_auth_openidc, keycloak is oidc
compliant -- any generic OIDC library should work, the JWT creation
tool JWTenizr, the "Securing JAX-RS Endpoints with JWT" screencast,
the oauth flows, oauth authorization flow, implicit flow and the
hybrid flow, access token has to have short lifetime, using
services accounts for schedulers, keycloak has a logout backchannel
- available from servlet filter, pushing a timestamp also causes
logout, HttpServletRequest#logout also logouts, the killer feature:
keycloak stores the private keys in one place and makes public keys
available via URI,
Sebastien Blanc on twitter: @sebi2706
Thomson MO5, every school in France needs to have a computer,
printing the name with BASIC, the REM sadness, making yellow boxes,
programming Logo in French, writing "root" and "house" procedures,
no procedures in BASIC, the ACSLogo for Mac OS X, Berkeley Logo
(UCBLogo), the Amstrad PC1512, using AMOS programming language for
writing games, writing invoicing software with 14 and AMOS, Zak
McKracken and the Alien Mindbenders, Siemens Nixdorf PC, QuickBasic
on Siemens Nixdorf DX2-66, the Persistence of Vision Raytracer,
average calculation for school notes with QuickBasic, writing
ballistic games for TI BASIC (TI 99/4A), playing Nirvana on
e-guitar, starting with Java in 2002, the Rational Rose Logo
Edition, learning Java EE on JOnAS, Apache Tapestry, consulting
with Apache Jetspeed, writing Java EE code for 7 years, hardtimes
with WebSphere, Xerces and ClassLoading, refactorings to Maven,
mobile web / Grails involvements, starting at RedHat's mobile team
- AeroGear, Matthias Wessendorf, Matthias loves Java Server Faces
(JSF), the unified push server, starting keycloak involvement, the
security challenge, the keycloak religion, keycloak ships as
WildFly distribution, keycloak is a WildFly subsystem, keycloak
uses hibernate for persistence, keycloak manages users with
credentials, keycloak ships with ready to UI to manage users,
keycloak functionality is exposed as REST services, there is a Java
client available - as REST wrapper, keycloak is a "remote" proxy
realm, keycloak ships with adapters for major application servers
out-of-the-box, keycloak comes with SSO - different application
servers can share the same session, the security realm is a
"territory", in keycloak a session is optional -- a microservice
can use JWT token, using OIDC tokens, keycloak comes with servlet
filters for servers without adapter support, the new keycloak
approach is the Keycloak Gatekeeper, Keycloak Gatekeeper is a
sidecar service, apache mod_auth_openidc, keycloak is oidc
compliant -- any generic OIDC library should work, the JWT creation
tool JWTenizr, the "Securing JAX-RS Endpoints with JWT" screencast,
the oauth flows, oauth authorization flow, implicit flow and the
hybrid flow, access token has to have short lifetime, using
services accounts for schedulers, keycloak has a logout backchannel
- available from servlet filter, pushing a timestamp also causes
logout, HttpServletRequest#logout also logouts, the killer feature:
keycloak stores the private keys in one place and makes public keys
available via URI,
Sebastien Blanc on twitter: @sebi2706
Weitere Episoden
1 Stunde 12 Minuten
vor 7 Monaten
1 Stunde 6 Minuten
vor 7 Monaten
57 Minuten
vor 8 Monaten
1 Stunde 5 Minuten
vor 8 Monaten
1 Stunde 13 Minuten
vor 8 Monaten
In Podcasts werben
Kommentare (0)