While securing an application, we often find ourselves stuck in a rabbit hole trying to figure out which protocol best suits our web application.
This can consume the developers' time, even though the security details are important to keep the application safe and maintainable.
Keycloak offers both authentication and authorization out of the box to secure applications, and it supports multiple authentication protocols such as OIDC and SAML 2.0.
We will use SAML (Security Assertion Markup Language), which is a way of simplifying confidential authentication for users between an identity provider (IdP) and a service provider (SP).
SAML is an XML-based (Extensible Markup Language) standard that centralizes user management so that the user's authorization depends on the identity provider instead of the service.
In our case, we will create a simple Flask application that acts as the Service Provider (SP) for the rest of this guide, and Keycloak will be our Identity Provider (IdP).
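To make the SP-to-IdP hand-off concrete, the following added example (not code from the original article) builds the unsigned AuthnRequest an SP would send and encodes it for the SAML HTTP-Redirect binding, then decodes it again the way the IdP would. The realm name `demo`, the entity ID `flask-sp`, the local ports and the ACS path are assumptions chosen for illustration.

```python
import base64
import uuid
import zlib
from datetime import datetime, timezone
from urllib.parse import urlencode, urlparse, parse_qs
from xml.etree import ElementTree as ET

# Assumed values for illustration (realm, entity ID and URLs are not from the article).
IDP_SSO_URL = "http://localhost:8080/auth/realms/demo/protocol/saml"
SP_ENTITY_ID = "flask-sp"
SP_ACS_URL = "http://localhost:5000/saml/acs"

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
for prefix, uri in NS.items():
    ET.register_namespace(prefix, uri)


def build_authn_request(request_id=None):
    """Return (request_id, xml) for a minimal unsigned AuthnRequest."""
    request_id = request_id or "_" + uuid.uuid4().hex
    root = ET.Element("{%s}AuthnRequest" % NS["samlp"], {
        "ID": request_id,
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": IDP_SSO_URL,
        "AssertionConsumerServiceURL": SP_ACS_URL,
        "ProtocolBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    })
    ET.SubElement(root, "{%s}Issuer" % NS["saml"]).text = SP_ENTITY_ID
    return request_id, ET.tostring(root, encoding="unicode")


def redirect_url(xml, relay_state="/"):
    """HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encode."""
    deflated = zlib.compress(xml.encode("utf-8"))[2:-4]  # drop zlib header and checksum
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode("ascii"),
                       "RelayState": relay_state})
    return IDP_SSO_URL + "?" + query


def decode_redirect(url):
    """Reverse the encoding, as the IdP does, and return (parsed request, RelayState)."""
    params = parse_qs(urlparse(url).query)
    raw = zlib.decompress(base64.b64decode(params["SAMLRequest"][0]), -15)
    return ET.fromstring(raw), params["RelayState"][0]
```

The SP should store the returned request ID in the user's session so it can later check the `InResponseTo` attribute of the IdP's response against it.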
Setup Keycloak
- Via local installation:
Download the file (requires Java and wget to be installed):
cd $HOME && \
wget -c keycloak_13_0_1.tar.gz…