Getting Started With The Keycloak Single Sign-On Operator

Modern application environments are complex and getting more complex every day. These environments need to support multiple deployment infrastructures, application architectures, programming languages, and frameworks.

It can be challenging and time-consuming for operations and development teams to become experts in all of the different technologies in order to install, configure, and maintain them. Kubernetes operators help reduce the complexity of installation, configuration, and maintenance.

Keycloak is a single sign-on solution for web apps and RESTful web services. The goal of Keycloak is to make it easy for application developers to secure their apps and services. Security features that developers normally have to write for themselves are provided out of the box and are easily customizable to individual requirements.

Keycloak supports standard protocols like OAuth 2.0, OpenID Connect, and SAML 2.0. It provides a number of features including:

  • Acts as a centralized authentication server
  • Provides user federation to sync users from LDAP and Active Directory servers
  • Integrates with third-party identity providers including social networks
  • Provides REST APIs and an administration GUI for central management of users, roles, role mappings, clients and configuration.

The installation and configuration of the Keycloak SSO server on OpenShift can now be automated using the operator.  The operator creates the following Kubernetes resources:

  • Keycloak Server
  • Keycloak Realm
  • Keycloak Backup
  • Keycloak Client
  • Keycloak User
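
How three of these resources reference one another through label selectors, as an added example that is not from the original post or the operator project. It assumes the `keycloak.org/v1alpha1` custom resource API of the Keycloak operator; every name, label, namespace and URL is constructed.

```yaml
# Added example (assumed API: keycloak.org/v1alpha1); all names are constructed.
apiVersion: keycloak.org/v1alpha1
kind: Keycloak
metadata:
  name: example-sso
  namespace: sso-demo
  labels:
    app: example-sso              # matched by the realm's instanceSelector
spec:
  instances: 1
  externalAccess:
    enabled: true                 # expose the server outside the cluster
---
apiVersion: keycloak.org/v1alpha1
kind: KeycloakRealm
metadata:
  name: example-realm
  namespace: sso-demo
  labels:
    realm: example-realm          # matched by the client's realmSelector
spec:
  instanceSelector:
    matchLabels:
      app: example-sso            # binds this realm to the server above
  realm:
    id: example
    realm: example
    enabled: true
    displayName: Example Realm
---
apiVersion: keycloak.org/v1alpha1
kind: KeycloakClient
metadata:
  name: example-web-app
  namespace: sso-demo
spec:
  realmSelector:
    matchLabels:
      realm: example-realm        # binds this client to the realm above
  client:
    clientId: example-web-app
    protocol: openid-connect
    publicClient: false           # confidential client: must authenticate
    standardFlowEnabled: true     # authorization code flow only
    implicitFlowEnabled: false    # keep tokens out of redirect fragments
    directAccessGrantsEnabled: false  # no password grant through this client
    redirectUris:
      - https://app.example.com/callback   # exact URI, no wildcard
```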

[Video] Getting Started With The Keycloak SSO Operator

If you are interested in learning more, take a look at the following resources: