This blog post contains some of the implementation details of an example Bash script to automate the setup for an IBM Cloud App ID service instance. For details, visit this GitHub project.
What is App ID?
“IBM Cloud App ID allows you to easily add authentication to web and mobile apps. You no longer have to worry about setting up infrastructure for identity, ensuring geo-availability, and confirming compliance regulations. Instead, you can enhance your apps with advanced security capabilities like multifactor authentication and single sign-on.” Resource from the IBM Cloud App ID website (2021/10/06). For more details please visit the website.
The script creates one instance of the IBM Cloud App ID service and does the configuration.
This automation example uses the IBM Cloud Shell and a PayAsYouGo IBM Cloud Account, but for the App ID service instance we will use the lite plan which is for free.
That blog post is about the usage of the “Quarkus Security OpenID Connect Multi Tenancy” implementation in an own small example, how to extract a tenant and reconfigure OIDC configuration for Keycloak.
Basics understanding: “… A tenant is a group of users who share a common access with specific privileges to the software instance. …” Wikipedia
Keep in mind there is no common single definition what exactly multi tenancy is in detail. One definition you can find in Wikipedia or one in the IBM learn hub, and many more exist.
This blog post is about, how to setup a self-signed SSL certificate for an encrypted (https) communication with a Cloud Foundry application on IBM Cloud, if you are at a Hackathon. Keep in mind you don’t need to implement additional code inside of your Cloud Foundry application in this scenario. All is managed by IBM Cloud and you don’t need to modify your source-code. You need to have installed OpenSSL on your local machine and this example shows the setup on MacOS and Safari. You also need a Pay-As-You-Go or Trial-Account for the IBM Cloud to setup custom domain and ssl.
A certificate from a certificate authority can be costly, if you aren’t able to use a free certificate authority like for example “Let’s encrypt” supported by your domain provider. In my case the domain provider GoDaddy doesn’t support to request certificates directly from “Let’s encrypt”.
One easy solution to avoid additional costs is to create a self-signed certificate. This solution works well, if you only want to test and develop during a Hackathon and you have a very small count of users and you can give them the guidance to use the self-signed SSL certificate in their browser. As you can see you need to upload self-signed SSL certificate in this simplified picture.
I like the OWASP Top Ten for “developers” charts. From my point of view, it gives an awesome advice, where to start and helps to take care and remember what you maybe already know about web security implementation. From my side it feels a bit like “rub salt into the wound” of a developer soul, isn’t it so? Especially when you starting developing cloud native and microservices based applications.
In this blog post I want to show, how to create a new realm with Keycloak REST API , because later I want to automate the Keycloak realm creation for a workshop using curl in a bash script.
The reason of that blog post is, that the information in the REST API documentation wasn’t detailed enough for me. The image shows what I found first in the Keycloak REST API documentation .
First you need a bearer authorization token for an administration user and with that token you create a new realm using the realm json exported before.
Here is what I found:
… for the Authorization user for administrative tasks, I got the missing pieces in the Keycloak documentation here.
The objective of this blog post is to share with you an extract of a “simple” example project on GitHub I created to get started with: How to access a Java Microservice using the Open Source Identity and Access Management with Keycloak and JavaWebToken (JWT).
The objective of this blog post is to share with you an extract of a “simple” example project on GitHub I created to get started with: How to access a Java Microservice using the Open Source Identity and Access Management with Keycloak and JavaWebToken (JWT).