Keycloak is an identity and access management solution that we can use in our architecture to provide authentication and authorization services, as we have seen in the previous posts in the series. In this article, I'm going to introduce the concept of authentication flows and how we can configure and customise them. Then, I'll briefly mention the two protocols Keycloak can use to provide its services: OpenID Connect (on top of OAuth 2.0) and SAML. Finally, I'll show you how to configure Keycloak to make it work with our web application and services.

The starting point in our process to secure an application or a web service with Keycloak is to identify and authenticate the user.

The sequence of actions a user or a service needs to perform to be authenticated is called, in Keycloak, an authentication flow. Keycloak already provides several authentication flows that you can customise in Authentication > Flows. From the dropdown list on the left, we can select flows for login, registration, credentials reset and other Keycloak workflows. Should you need something different, you can always create your own by choosing New at the far right of the screen.

Authentication Flows - Keycloak Admin Console

In the picture, for example, you can see the configuration for the Browser Authentication Flow. Cookie, Identity Provider Redirector and Forms are three alternatives supported by this flow. One of them is required to be successful for the user to be authenticated. When the Forms authentication type is on, username and password are required as part of this subflow. Furthermore, in case the user has configured the OTP mechanism for their account, an extra authentication step is executed.

In this series, I'll be relying on the default authentication flows, so I will not change the configuration that often, but feel free to take a moment and explore the different options.

SSO Protocols

Communication between Keycloak and the clients asking it for authentication services happens according to one of the two main supported SSO (Single Sign-On) protocols: OpenID Connect and SAML. OpenID Connect (OIDC) is the preferred method. It's a modern protocol built on top of the OAuth 2.0 framework. SAML is an older authentication protocol, which gained popularity in the world of SOAP services.
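To make the Browser Authentication Flow described in this article concrete, here is a simplified model of how its three alternatives and the Forms subflow are evaluated. It is an added example, not Keycloak code and not from the original article; the `LoginAttempt` fields, the function names and the step labels are all hypothetical.

```python
# Simplified model of the Browser flow described in the article (not Keycloak code).
from dataclasses import dataclass


@dataclass
class LoginAttempt:  # constructed input; every field name is hypothetical
    sso_cookie_valid: bool = False   # browser already holds a valid SSO cookie
    idp_login_ok: bool = False       # user was authenticated by an external IdP
    password_ok: bool = False        # username/password form succeeded
    otp_configured: bool = False     # user has set up OTP on the account
    otp_ok: bool = False             # OTP code was correct


def forms_subflow(a):
    """Username/password is required; OTP runs only if the user configured it."""
    steps = ["username-password"]
    if not a.password_ok:
        return False, steps
    if a.otp_configured:
        steps.append("otp")
        if not a.otp_ok:
            return False, steps
    return True, steps


def browser_flow(a):
    """Try the three alternatives in order; the first success authenticates."""
    alternatives = [
        ("cookie", lambda: (a.sso_cookie_valid, [])),
        ("identity-provider-redirector", lambda: (a.idp_login_ok, [])),
        ("forms", lambda: forms_subflow(a)),
    ]
    trace = []
    for name, run in alternatives:
        ok, steps = run()
        trace.append(name)
        trace.extend(f"{name}/{s}" for s in steps)
        if ok:
            return True, trace
    return False, trace


if __name__ == "__main__":
    for attempt in (LoginAttempt(sso_cookie_valid=True, otp_configured=True),
                    LoginAttempt(password_ok=True, otp_configured=True)):
        print(attempt, "->", browser_flow(attempt))
```

The first sample attempt succeeds on the cookie alternative alone, so the password and OTP steps of the Forms subflow never run for a browser that already holds a valid SSO cookie.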