What will I cover in this post? We will learn how to integrate Keycloak with Onelogin OIDC Provider.
Similar to SAML, Keycloak can be configured to use the external OpenID Connect Provider.
The configuration steps are very similar to the configuration of the SAML Provider described in my previous post, but the configuration is simpler than the SAML configuration.
Do not forget to follow me on Twitter
Configuration Keycloak and Onelogin need to be configured in parallel.
Update Keycloak User Attributes from Onelogin SAML Provider The post describes how to configure Keycloak and Onelogin to update Keycloak User Attributes from the Onelogin SAML Provider
Why are the User Attributes empty? In my previous post I described how to configure the Onelogin SAML Provider.
You may ask yourself: “Why are the User Attributes empty? I have values in Onelogin but in Keycloak the values are empty.
What will I cover in this post? We will learn how to integrate Keycloak with Onelogin SAML Provider.
Configuration In my previous post I described how to integrate Keycloak with the Okta SAML Provider. The configuration with the Onelogin SAML Provider is very similar.
Keycloak and Onelogin need to be configured in parallel. First, you need to add the SAML identity provider in Keycloak.
What will I cover in this post? In my previous post I described Two-Factor Authentication with WebAuthn.
But what should you do when a user replaces a WebAuthn device?
In this post, we will learn how to reset WebAuthn for a specific user. In addition, we will see how to revert the WebAuthn configuration for all users.
Reset WebAuthn for a specific user If a user replaces a WebAuthn device, he/she will not be able to log in and will see the following error:
What will I cover in this post? We will learn how to configure Two-Factor Authentication with Keycloak WebAuthn.
In this post, I plan on:
Explaining what WebAuthn is
Explaining how to configure WebAuthn in Keycloak
What is WebAuthn? WebAuthn is the standard recommended by the FIDO Alliance and W3C. WebAuthn defines a standard web API that gives users new methods to securely authenticate.
How To Access Keycloak APIs Using Two-Factor Authentication Two-Factor Authentication is a very strong and recommended security control.
In my previous post I have described how to configure Two-factor authentication in Keycloak.
The short (but important) post describes how to access Keycloak APIs using Two-Factor Authentication.
Access Keycloak APIs Using User Name and Password Let’s first access Keycloak APIs Using User Name and Password.
According to the Keycloak documentation, you first need to obtain an access token.
What will I cover in this post? We will learn how to integrate Keycloak with Okta OIDC Provider.
Similar to SAML, Keycloak can be configured to use the external OpenID Connect Provider.
The configuration steps are very similar to the configuration of the SAML Provider described in my previous post, but the configuration is simpler than the SAML configuration.
Configuration Keycloak and Okta need to be configured in parallel.
Update Keycloak User Attributes from Okta SAML Provider The post describes how to configure Keycloak and Okta to update Keycloak User Attributes from the Okta SAML Provider
Why are the User Attributes empty? In my previous post I described how to configure the Okta SAML Provider.
You may be wondering and want to ask me the question: “Michael, why are the User Attributes empty?
Disabling Two-Factor Authentication The post describes how to disable Two-Factor Authentication in Keycloak.
Disabling Two-Factor Authentication for a specific user In my previous post I have described how to configure Two-Factor Authentication.
But what should you do when your user has lost a mobile device?
What should you do when your user has uninstalled the Google Authenticator by mistake?
You need to disable Two-Factor Authentication for the user.
Configuration Open Keycloak admin page, open Users, open the user and go to the Credentials tab.
My presentation at Tech Talks Israel Meetup
The video is published here.
OpenId Connect Protocol from Michael Furman
What will I cover in this post? We will learn how to integrate Keycloak with Okta SAML Provider.
Configuration Keycloak and Okta need to be configured in parallel. First, you need to add the SAML identity provider in Keycloak. Then you need to add a SAML application in Okta using the Keycloak Redirect URI value. Finally, you need to import the Okta SAML application metadata into the Keycloak Identity Provider.
Simple Identity Brokering First Login Flow The post describes creation of Simple Identity Brokering First Login Flow.
What is First Login Flow? The First Login Flow is a workflow that will be used after a user logs in to Keycloak for the first time from an external Identity Provider.
Keycloak provides the First Login Flow out of the box and it is described here.
The provided flow performs a lot of actions.
What will I cover in this post? We will learn how to configure Two-Factor authentication in Keycloak
In this post, I plan on:
Explaining what Two-Factor Authentication is
Explaining what Keycloak Two-Factor Authentication is
Explaining how to configure Two-factor authentication in Keycloak
What is Two-Factor Authentication? According to Wikipedia: Two-factor authentication (also known as 2FA) is a method of confirming a user’s claimed identity by utilizing a combination of two different factors:
Keycloak Password Policy The post describes how to configure Password Policy in Keycloak
What is a password policy? A Password Policy is the set of restrictions and/or requirements that a user must follow to ensure that their password is strong.
Keycloak configuration Open Keycloak admin page, open Authentication, go to the Password Policy tab.
Click on the Add policy … to see the list of available password policies.
Keycloak documentation related to Password Policies is here
Keycloak Brute Force Protection The post describes how to configure Brute Force Protection in Keycloak
What is a brute force attack? According to OWASP: “A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works”
Keycloak configuration Open Keycloak admin page, open Realm Settings, go to the Security Defenses tab and open the Brute Force Protection tab.