How to size your projects for Red Hat's single sign-on technology
Red Hat’s single sign-on (SSO) technology is an identity and access management tool included in the Red Hat Middleware Core Services Collection that’s based on the well-known Keycloak open source project. As with other Red Hat products, users have to acquire subscriptions, which are priced according to the number of cores or vCPU used to deploy the product. This presents an interesting problem for pre-sales engineers like me. To help my customers acquire the correct number of subscriptions, I need to sketch the target architecture and count how many cores they need. Continue reading
Configure Red Hat SSO for 3scale using the CLI!
3scale API Management can be used in conjunction with Red Hat SSO / Keycloak to secure APIs managed by 3scale using the OpenID Connect protocol. The official documentation describes the steps to configure Red Hat SSO / Keycloak but it uses the Graphical User Interface, which can be tedious if you have multiple environments to configure. Let’s configure Red Hat SSO for 3scale using the CLI! Continue reading
Secure your Raspberry PI with Keycloak Gatekeeper on OpenWRT
In the article “Nginx with TLS on OpenWRT”, I explained how to install nginx on a Raspberry PI running OpenWRT for hosting web applications. Some of the web applications that I installed on my Raspberry PI do not feature any authentication mechanism at all. No authentication means that anybody on the internet could reach those applications and play with them. This article explains how to secure applications running on a Raspberry PI with Keycloak Gatekeeper. Continue reading
Secure a Quarkus API with Keycloak
Quarkus is a Java stack that is Kubernetes native, lightweight and fast. Quarkus can be used for any type of backend development, including API-enabled backends. Keycloak is an open source Single Sign On solution that can be used to secure APIs. In this article, I’m describing how to secure a Quarkus API with Keycloak using JWT tokens. Continue reading
Running Red Hat SSO outside of OpenShift
In an article named Red Hat Single Sign-On: Give it a try for no cost!, I explained how to deploy Red Hat SSO very easily in any OpenShift cluster. As pointed by a reader in a comment, as widespread OpenShift can be, not everyone has access to a running OpenShift cluster. So, here is how to run Red Hat SSO outside of OpenShift: using only plain Docker commands. Continue reading
Red Hat Single Sign-On: Give it a try for no cost!
In a software world where each day is more hostile than the previous one, security matters and developers are coping with more and more non-functional requirements about security. The most common ones are the “OWASP Top 10”: the ten security risks that every developer should know. There are many more security risks you should care about, but those ten risks are the ones having the most impact on the security of your software. Continue reading
Using a public certificate with Red Hat Single Sign-On/Keycloak
When deploying Red Hat Single Sign-On/Keycloak for a test or a proof of concept, most users will choose to use a self-signed certificate as explained in the official documentation. The setup instructions are straightforward, but this self-signed certificate will trigger certificate error messages in your web browser and can also prevent some clients such as Postman from working properly. This article explains how to use a public certificate from Let’s Encrypt with Red Hat Single Sign-On. Continue reading