by janua | Aug 28, 2019 | Identity Management, Open Source, SSO
This article describes the behaviour and usage of offline sessions and offline tokens within Keycloak. The behaviour of offline tokens is also illustrated through the off-line-token example of the Keycloak demo template (available with version 5.0 of...
by janua | Aug 27, 2019 | Community, SSO
PKCE support with Keycloak 7.0: Keycloak 7.0 was released on Aug 25th 2019 with PKCE support. This represents a major breakthrough for all mobile apps to increase security and to mitigate malicious attacks. Public client security vulnerability OAuth 2.0 [RFC6749]...
by janua | Jul 23, 2019 | Community, Security, SSO
In this article, Janua’s CTO shares tips and tricks about Keycloak X509 Certificate Authentication. 1. Overview The goal is to explain how it is possible to authenticate users against Keycloak applications using client certificates. This can be very useful in case...
by janua | Jun 21, 2019 | Community, Security, SSO
In this article, janua’s CTO shares tips and tricks regarding access token security with Keycloak. 1. Description Tokens are issued to clients by an authorization server with the approval of the resource owner. The client uses the access token to access the...
by janua | Jun 11, 2019 | Identity Management, Open Source, SSO
This article describes how it is possible to validate a Keycloak access token and perform signature verification. The RSA realm public key is uploaded in order to verify the access token signature. The example is illustrated using the jwt.io debugger, but could...