Ultimate Security Professional Blog

Blog of Michael Furman

Access Keycloak APIs using Two-Factor Authentication

How To Access Keycloak APIs Using Two-Factor Authentication Two-Factor Authentication is the very strong and recommended security control. In my previous post I have described how to configure Two-factor authentication in Keycloak. The short (but important) post describes how to access Keycloak APIs using Two-Factor Authentication. Access Keycloak APIs Using User Name and Password Let’s first access Keycloak APIs Using User Name and Password. According to the Keycloak documentation, you first need to obtain an access token.

Keycloak with Okta OpenID Connect Provider

Keycloak with Okta OpenID Connect Provider Similar to SAML, Keycloak can be configured to use the external OpenID Connect Provider. The post describes how to integrate Keycloak with Okta OpenID Connect Provider. The configuration steps are very similar to the configuration of SAML Provider described in my previous post, but the configuration simpler that the SAML configuration. Configuration We need to configure Keycloak and Okta in parallel. First, you need to add the OpenID Connect Provider in Keycloak, then you need to add an OpenID Connect application in Okta using the Keycloak provider metadata.

Update Keycloak User Attributes from Okta SAML Provider

Update Keycloak User Attributes from Okta SAML Provider The post describes how to configure Keycloak and Okta to update Keycloak User Attributes from Okta SAML Provider Why the User Attributes are empty? In my previous post I have described how to configure Okta SAML Provider. You may be wondering and want to ask me the question: “Michael, why the User Attributes are empty? I have values in Okta but the in Keycloak values are empty.

Disabling Two-Factor Authentication

Disabling Two-Factor Authentication The post describes how to disable Two-Factor Authentication in Keycloak. Disabling Two-Factor Authentication for a specific user In my previous post I have described how to configure Two-Factor Authentication. But what should you do when your user lost a mobile device? What should you do when your user uninstalled the Google Authenticator by mistake? You need to disable Two-Factor Authentication for the user. Configuration Open Keycloak admin page, open Users, open the user and go to the Credentials tab.

Keycloak with Okta SAML Provider

Keycloak with Okta SAML Provider The post describes how to integrate Keycloak with Okta SAML Provider Configuration We need to configure Keycloak and Okta in parallel. First, you need to add the SAML provider in Keycloak, then you need to add a SAML application in Okta using the Keycloak provider metadata. Finally you need to import the SAML application metadata into the Keycloak provider. Add SAML provider in Keycloak Open Keycloak admin page, open Identity Providers, select the SAML v2.