The TRAPEZE authentication with Keycloak

Security is one of the central components of the TRAPEZE platform. Any data stored and processed by the TRAPEZE platform should be accessible only to authorized individuals. To implement this, the TRAPEZE platform relies on the industry standards for authentication and authorization, OpenID Connect and OAuth2. Keycloak, one of the leading solutions for identity and access management, felt like a natural choice.

Keycloak is an open-source Identity and Access Management solution targeted towards modern applications and services. It offers features such as Single-Sign-On (SSO), Identity Brokering and Social Login, User Federation, Client Adapters, an Admin Console, and an Account Management Console. Moreover, it has strong community support, which means there are plenty of examples showing how to accomplish a given task.

Some of the strongest points of Keycloak are:

  • Administration GUI – Keycloak has the great advantage of providing a GUI enabling direct administration of your data (users, realms, roles, etc.) from a web page.
  • Manages all classic authentication protocols – Keycloak handles a wide range of authentication protocols. These include, in particular, OpenID, OpenID Connect, OAuth, and SAML. It is also capable of connecting directly to several types of database (LDAP, Kerberos, etc.).
  • An integrated social network gateway – Keycloak can be configured to let users log in through social networks.
  • Account management with task automation – Keycloak can directly manage user registration and automatically send emails for verification, lost passwords and account updates.
  • Two-factor authentication – In addition, Keycloak supports two-factor authentication for stronger account security.

To integrate Keycloak with applications and systems, there is a complete series of “client adapters”. These are libraries that make it very easy to secure applications and services with Keycloak. They are called adapters rather than libraries because they provide tight integration with the underlying platform and framework. To learn more about Keycloak, please visit the official page (www.keycloak.org).

by Dejan Paunović