My presentation at SecSessions - Cybersecurity Meetup: OWASP Top Ten 2017, from Michael Furman
My presentation at Java.IL - the Israeli Java Community: OWASP A4 XML External Entities (XXE), from Michael Furman
My presentation at OWASP AppSec IL 2018: Passwords are passé. WebAuthn is simpler, stronger and ready to go, from Michael Furman
Update Keycloak User Attributes from Okta SAML Provider. The post describes how to configure Keycloak and Okta to update Keycloak User Attributes from the Okta SAML Provider. Why are the User Attributes empty? In my previous post I described how to configure the Okta SAML Provider. You may be wondering and want to ask me the question: “Michael, why are the User Attributes empty? I have values in Okta, but in Keycloak the values are empty.
Disabling Two-Factor Authentication. The post describes how to disable Two-Factor Authentication in Keycloak. Disabling Two-Factor Authentication for a specific user. In my previous post I described how to configure Two-Factor Authentication. But what should you do when your user has lost a mobile device? What should you do when your user has uninstalled Google Authenticator by mistake? You need to disable Two-Factor Authentication for the user. Configuration: open the Keycloak admin page, open Users, open the user and go to the Credentials tab.
My presentation at Tech Talks Israel Meetup: OpenID Connect Protocol, from Michael Furman
Keycloak with Okta SAML Provider. The post describes how to integrate Keycloak with the Okta SAML Provider. Configuration: we need to configure Keycloak and Okta in parallel. First, you need to add a SAML provider in Keycloak; then you need to add a SAML application in Okta using the provider metadata. Finally, you need to import the SAML application metadata into the provider. Add the SAML provider in Keycloak: open the Keycloak admin page, open Identity Providers, select SAML v2.
Simple Identity Brokering First Login Flow. The post describes the creation of a simple Identity Brokering First Login Flow. What is the First Login Flow? The First Login Flow is a workflow that is used after a user logs in to Keycloak for the first time from an external Identity Provider. Keycloak provides a First Login Flow out of the box, and it is described here. The provided flow performs a lot of actions.
Keycloak Two-Factor Authentication. The post describes how to configure Two-Factor Authentication in Keycloak. What is Two-Factor Authentication? According to Wikipedia: Two-factor authentication (also known as 2FA) is a method of confirming a user’s claimed identity by utilizing a combination of two different factors: something they know, and something they have or something they are. Keycloak Two-Factor Authentication: Keycloak authenticates users using a password and a one-time password (OTP), a one-time password generated by Google Authenticator or FreeOTP.
Keycloak Password Policy. The post describes how to configure a Password Policy in Keycloak. What is a password policy? A password policy is the set of restrictions and/or requirements that a user must follow to ensure that their password is strong. Keycloak configuration: open the Keycloak admin page, open Authentication, go to the Password Policy tab. Click on Add policy … to see the list of available password policies. Keycloak documentation related to Password Policies is here.
Keycloak Brute Force Protection. The post describes how to configure Brute Force Protection in Keycloak. What is a brute force attack? According to OWASP: “A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works.” Keycloak configuration: open the Keycloak admin page, open Realm Settings, go to the Security Defenses tab and open the Brute Force Protection tab.