Using “Quarkus Security OpenID Connect Multi Tenancy” in a small example of my own

This blog post is about using the “Quarkus Security OpenID Connect Multi Tenancy” implementation in a small example of my own: how to extract a tenant and reconfigure the OIDC configuration for Keycloak.

This blog post is structured as follows:

  • Objectives
  • Use case definition
  • Architecture
  • Multi tenancy realization
  • Technologies
  • Implementation
  • Summary

You can find the code in the GitHub project, which is still under construction.

Basic understanding: “A tenant is a group of users who share a common access with specific privileges to the software instance. …” (Wikipedia)

Keep in mind that there is no single common definition of what exactly multi tenancy is in detail. You can find one definition in Wikipedia and another in the IBM learn hub, and many more exist.


Map an existing user to a role in a Keycloak realm using CURL

In this blog post I want to briefly show how I implemented the mapping of a role to a user in Keycloak with CURL in a bash script.

I came across that topic because I noticed that it wasn’t possible to upload a new user, including the role information, to the current realm.

I found a helpful Stack Overflow entry (Keycloak – using admin API to add client role to user), but it didn’t answer the question: how to configure it for a pure realm role? In the end I found the related Keycloak REST API documentation and extracted the information from there.

Here are the three major steps I did.


10 Hours of Live Recordings, which are built on Experience, about Application Security

It’s awesome: we just created 10 hours of live recordings, built on experience, about application security. That learning journey was made by the IBM Developer Hybrid Cloud Build Team from IBM, and I am part of that team. We put together great content for you. By the way, I was responsible for the content ;-). I was also the moderator for most of the sessions, and I gave sessions myself. The learning journey is called #ApplicationSecurityLearningJourney.

So just take something to drink, grab some snacks, and then enjoy all of the knowledge or just select your point of interest.

Here are the links to the various topics and related recordings on Crowdcast.io.


New hands-on workshop: Get started to deploy a Java Microservices application to Code Engine

Code Engine is built to create modern, source-centric, containerized, and serverless apps and jobs.
Take a quiz to get started with the Code Engine terminology.

The topic of batch jobs is more related to AI and machine learning, for example running AI model training temporarily with a high workload, and that’s at the moment not so much in my scope.

My starting point with Code Engine was my YouTube video: Code Engine, Containerized Application, Node-RED Starter Kit and Scale To Zero. With that in mind, from my perspective Code Engine is a very good starting point for smaller containerized applications, because you can precisely control costs with scale to zero. … and by the way, it’s easy to use.

That motivated me to create a simple hands-on workshop, where you are guided to deploy the Cloud Native Starter security example application to Code Engine. The source code of the example application is included in the GitHub project of the workshop. Access the workshop on IBM Developer.


Simply logout from Keycloak

This blog post is about the logout from Keycloak in a Vue.js application using the keycloak-js SDK/javascript-adapter.

As you may know, we (Niklas, Harald and I) created an example project called Cloud Native Starter that contains example implementations related to Cloud Native applications with Microservices. I will use one of the example implementations in this blog post.

I structured the blog post into the following sections.

  • The simplified solution
  • The basics
  • The example implementation in a Vue.js frontend application

What do you think about the OWASP web application security top ten as a developer?

I like the OWASP Top Ten for “developers” charts. From my point of view, it gives awesome advice on where to start, and it helps to take care of and remember what you may already know about web security implementation. From my side it feels a bit like “rubbing salt into the wound” of a developer’s soul, doesn’t it? Especially when you start developing cloud native and microservices based applications.


Authentication and Authorization for Java Microservices with Keycloak, Quarkus and Microprofile

In this blog post I want to point out that I created an 18 min YouTube video related to the newly created workshop Get started with security for your Java Microservices, made by Harald, Niklas and me.

In that video I focus on the topics authentication and authorization for Java Microservices with Keycloak, Quarkus and Microprofile. Have fun 😉

Select your starting point for the video:

The workshop documentation with MkDocs:

I hope this was useful for you, and let’s see what’s next.

Greetings,

Thomas

#Authorization, #Authentication, #Java, #Microprofile, #Quarkus, #Keycloak

How to create a new realm with the Keycloak REST API?

In this blog post I want to show how to create a new realm with the Keycloak REST API, because later I want to automate the Keycloak realm creation for a workshop using curl in a bash script.

The reason for that blog post is that the information in the REST API documentation wasn’t detailed enough for me. The image shows what I found first in the Keycloak REST API documentation.

[Image: keycloak-create-realm-01]

In general it’s very simple to use the Keycloak REST API. For more details see my blog post Getting started to secure a simple Java Microservice with Keycloak, MicroProfile and OpenLiberty.

First you need a bearer authorization token for an administration user, and with that token you create a new realm using the realm JSON exported before.

Here is what I found:

I used POSTMAN to check it out. These are the steps I did in POSTMAN:
