This article details the deployment of an Angular application, a backend-for-frontend (BFF) built with Express.js, and a Keycloak server on a Windows Server using IIS. It explores the challenges encountered when moving from a local setup to a production environment, including session handling, secure communication, and configuring KeycloakStrategy.
keycloak
8 posts
This article explains implementing the BFF pattern with Angular, Express.js, and Keycloak to secure web applications. Learn how to handle authentication flows server-side, eliminate client-side token storage, and maintain separation between frontend and security operations. Includes practical configuration steps for Keycloak realms, Express.js sessions, and Angular’s authentication service.
Discover how passport-keycloak-oauth2-oidc-portable integrates Keycloak with OAuth2 and OpenID Connect (OIDC) using the secure Proof Key for Code Exchange (PKCE) protocol. This article explores implementing PKCE to protect public clients like desktop and single-page applications from common authentication vulnerabilities such as CSRF and authorization code interception. Learn about setting up a Keycloak test instance with Docker to facilitate seamless local development and testing. Through a practical example, see how PKCE aligns with modern security standards, providing a robust and efficient authentication mechanism for your applications. Whether you’re enhancing existing authentication flows or building new solutions, this guide offers valuable insights into leveraging PKCE, Keycloak, and Passport.js to create secure authentication frameworks.
This article will be a practical one as I intend to showcase a fully automated setup of Keycloak for local testing. However, unlike so many examples out there, this article aims to deploy a production-level Keycloak deployment that uses a Certificate Manager, Sealed Secrets, and PostgreSQL HA (high-availability variant). The goal is to create a development and test environment that behaves as realistically as possible. To make redeployments as easy as possible, we will provide both a single bash script and Helm charts. It’s up to the user to decide which path is more useful. Helm charts are powerful, but […]
In the previous article, we explored the straightforward process of customizing Keycloak’s user interface. Now, let’s dive into the world of SPIs (Service Provider Interfaces) and discover how we can extend Keycloak’s functionalities by implementing our own. To accomplish this, we’ll need the following set of tools:: Apache Maven Eclipse (or any other IDE that supports Java and Maven) Java SDK (download from here and install it before continuing with the article) If you prefer, you have the option to run Keycloak instances using Docker, although it is not mandatory. To simplify the process, I’ve included a set of Dockerfiles […]
This is the third article from the series on using Keycloak. While previous ones were dealing with running Keycloak in Kubernetes this one is about templating Keycloak. Therefore, I won’t be describing how a Keycloak instance can be run and what configuration options one should use. Instead, I will focus on building an easy to use environment for templating and designing Keycloak forms. The environment presented here is the same I am using for my professional work. So, everything shown here is based on real-world experience. This should not mean that it’s the “best” one. I am only sharing my […]
This is a follow-up to my previous article on how to setup a Keycloak instance with Postgres on k8s. Surprisingly, it was quite popular on HackerNews and received lots of comments. Among them were questions regarding high-availability and failure resistance. In the original article I described a fairly simple setup running Keycloak and Postgres pods which were accessing manually created PersistenceVolumes and Claims. I showed how to do all that both with handcrafted YAMLs as well as with Helm charts. There is also a repository containing YAMLs and configurations, so before you start working with the solution described here, maybe […]
In this article we will learn how to deploy Keycloak with PostgreSQL on Kubernetes. We will first do everything manually with separate YAMLs and then later with Helm. Our k8s environment will run in Kind, which is an easy to use k8s variant for local expermentation. The sources are located here. Keycloak Keycloak is one of the most popular open-source Identity and Access Management providers. It can run in various environments, from small shops up to giant data centers. Although this article isn’t about IAM’s in general and how to use them, let’s provide a simple definition just to make […]