
 

Keycloak
Authentication and
Authorization

Restricted Circulation | L&T Technology Services | © 2019


About

Keycloak is an open-source Identity and Access Management solution targeted towards modern
applications and services. Keycloak offers features such as Single-Sign-On (SSO), Identity
Brokering and Social Login, User Federation, Client Adapters, an Admin Console, and an Account
Management Console. Keycloak builds on industry-standard protocols, supporting OAuth 2.0, OpenID
Connect, and SAML 2.0. Using industry-standard protocols is important both from a security
perspective and because it makes integration with existing and new applications easier.

Open-Source Software (OSS) 


There is no license or service fee for the software. The source code is freely accessible,
so changes can be made at any time and by anyone. There is no vendor lock-in.
Because Keycloak is an open-source project, its producer gives no guarantee about how it
works or about its road map, and things like customer support are handled through
Stack Overflow, with no hard deadlines for response time.

Features
1. Single Sign-on
2. Standard Protocols: OAuth 2.0, OIDC, SAML
3. Flexible Authentication and Authorization
4. Multi-factor Authentication: One-time passwords
5. Social Login (Google, FB)
6. Provides centralized User Management
7. Supports Directory Services
8. Customizable and Extensible

Types of Tokens
1. ID Token
2. Access Token
3. Refresh Token
4. OpenID Connect

[Flow diagram: user registration and login through Kong, Keycloak and AD. Box labels as far as they can be recovered: Application Front-end; Kong; Request to get Access token in Keycloak; Check AD user or Not; Invoke the User Registration API of Keycloak; Invoke Post method call to User Microservice; Set Email Verification True; Set Email Verification False; Do Single Sign-On in AD; Roles and User Mapping integration Done here; Invoke Keycloak using REST API call to get Customer Detail; Invoke Keycloak using REST API call to update Customer Detail; Rigor_Crud Microservice; If Email Verified; Invoke Verify API in Keycloak; Return response to Application; Invoking REST API; Possible to send the info in RabbitMQ.]

Note: Registration/Login page is accessible without authorization.

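Calling Keycloak client from .NET

using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Json;
using System.Threading.Tasks;
using Newtonsoft.Json;

// Token endpoint response; only the field used below is mapped.
public class ResponseToken
{
    [JsonProperty("access_token")]
    public string AccessToken { get; set; }
}

// Shape of the protected API's JSON. The member shown is an assumption; match it to your service.
[DataContract]
public class Weather
{
    [DataMember(Name = "summary")]
    public string Summary { get; set; }
}

public static class Program
{
    public static async Task Main()
    {
        // Step 1: request an access token from Keycloak with the password grant.
        var client = new HttpClient();
        client.DefaultRequestHeaders.Accept.Clear();
        // The token endpoint answers with JSON.
        client.DefaultRequestHeaders.Accept.Add(
            new MediaTypeWithQualityHeaderValue("application/json"));
        client.DefaultRequestHeaders.Add("User-Agent", ".NET Foundation Repository Reporter");

        // Placeholder values; load real credentials from configuration, not from source code.
        var values = new Dictionary<string, string>
        {
            { "client_id", "myClientId" },
            { "grant_type", "password" },
            { "username", "userName" },
            { "password", "password" }
        };
        var content = new FormUrlEncodedContent(values);
        // HTTPS, because this request carries the user's password and returns a bearer token.
        var response = await client.PostAsync("https://domain/auth/realms/realmName/protocol/openid-connect/token", content);
        response.EnsureSuccessStatusCode(); // stop here on 400/401 instead of parsing an error body
        var responseString = await response.Content.ReadAsStringAsync();
        var responseToken = JsonConvert.DeserializeObject<ResponseToken>(responseString);

        // Printed for demonstration only; keep tokens out of production logs.
        Console.WriteLine("accessToken: " + responseToken.AccessToken);

        // Step 2: call the protected service with the token in the Authorization header.
        var client2 = new HttpClient();
        client2.DefaultRequestHeaders.Accept.Clear();
        client2.DefaultRequestHeaders.Accept.Add(
            new MediaTypeWithQualityHeaderValue("application/json"));
        client2.DefaultRequestHeaders.Add("User-Agent", ".NET Foundation Repository Reporter");
        client2.DefaultRequestHeaders.Authorization =
            new AuthenticationHeaderValue("Bearer", responseToken.AccessToken);

        var dataResponse = client2.GetStreamAsync("https://serviceDomain/api/SampleData/WeatherForecasts");

        var serializer = new DataContractJsonSerializer(typeof(List<Weather>));
        var tempData = serializer.ReadObject(await dataResponse) as List<Weather>;
        Console.WriteLine("forecasts received: " + (tempData?.Count ?? 0));
    }
}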
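
The receiving side of the bearer call above, as an added example that is not part of the original slides or of Keycloak's own code: a check the service can apply before trusting the token, verifying the signature and then the iss, typ and exp claims so that a refresh or ID token is not accepted as an access token. It assumes the realm signs with RS256; the key is generated in-process, the tokens are constructed samples, and AccessTokenCheck, Validate and Make are hypothetical names.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
public static class AccessTokenCheck
{
    const string Issuer = "https://domain/auth/realms/realmName"; // realm URL from the page's token endpoint
    static string Enc(byte[] b) => Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static byte[] Dec(string s) => Convert.FromBase64String(
        s.Replace('-', '+').Replace('_', '/') + new string('=', (4 - s.Length % 4) % 4));
    // Returns "ok", or the reason the token is rejected.
    public static string Validate(string jwt, RSA realmKey, DateTimeOffset now)
    {
        try
        {
            var parts = jwt.Split('.');
            if (parts.Length != 3) return "malformed";
            using var header = JsonDocument.Parse(Dec(parts[0]));
            // Pin the algorithm so the token cannot select "none" or an HMAC variant.
            if (header.RootElement.GetProperty("alg").GetString() != "RS256") return "unexpected alg";
            var signedPart = Encoding.ASCII.GetBytes(parts[0] + "." + parts[1]);
            if (!realmKey.VerifyData(signedPart, Dec(parts[2]), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
                return "bad signature";
            using var payload = JsonDocument.Parse(Dec(parts[1]));
            var claims = payload.RootElement;
            if (claims.GetProperty("iss").GetString() != Issuer) return "wrong issuer";
            // Keycloak sets typ to "Bearer" on access tokens; refresh and ID tokens carry other values.
            if (claims.GetProperty("typ").GetString() != "Bearer") return "not an access token";
            if (DateTimeOffset.FromUnixTimeSeconds(claims.GetProperty("exp").GetInt64()) <= now) return "expired";
            return "ok";
        }
        catch (Exception) { return "malformed"; } // fail closed on any parsing error
    }

    public static void Main()
    {
        using var rsa = RSA.Create(2048); // constructed key standing in for the realm's signing key
        var now = DateTimeOffset.UtcNow;
        string Make(string typ, long exp) // builds a constructed, signed sample token
        {
            var body = Enc(Encoding.UTF8.GetBytes("{\"alg\":\"RS256\"}")) + "." +
                       Enc(JsonSerializer.SerializeToUtf8Bytes(new { iss = Issuer, typ, exp }));
            return body + "." + Enc(rsa.SignData(Encoding.ASCII.GetBytes(body), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
        }
        Console.WriteLine(Validate(Make("Bearer", now.AddMinutes(5).ToUnixTimeSeconds()), rsa, now));
        Console.WriteLine(Validate(Make("Refresh", now.AddMinutes(5).ToUnixTimeSeconds()), rsa, now));
        Console.WriteLine(Validate(Make("Bearer", now.AddMinutes(-5).ToUnixTimeSeconds()), rsa, now));
    }
}
```

In a deployment the public key comes from the realm rather than from RSA.Create, and the service would normally also check that the token was issued for it.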
