In my talk, I will explain how to use MFA correctly, what it is and what it is not. Afterwards, I’ll show hands-on how to configure Keycloak for proper MFA usage and how you can also use passwordless authentication using Passkeys in parallel to traditional authentication with username, password and MFA.
The session includes:
This talk will introduce attendees to the concept of configuration as code in Keycloak, focusing on the Keycloak Java Admin Client as a powerful tool for future-proofing IAM systems. By embracing configuration as code, organizations can increase security, reduce errors, and streamline the management of their IAM infrastructure.
Key Takeaways:
By the end of this talk, attendees will be armed with the knowledge and tools needed to transform their Keycloak projects from ticking time bombs to robust, resilient, and easily maintainable IAM solutions, ensuring they're prepared for any challenges that lie ahead.
In this talk, we'll go beyond the basics to explore common security pitfalls in Keycloak deployments that we've encountered during our journey. More importantly, we'll introduce our open source tool, kcwarden, which we developed to automate security auditing of Keycloak configurations. This tool not only detects standard security issues but can be customized to identify organization-specific concerns such as problematic role assignments or policy violations, enabling continuous monitoring of your Keycloak environment.
Join us to discover how kcwarden can enhance your existing Keycloak deployment's security posture and learn practical strategies for implementing automated configuration checks into your operational workflows.
Discover how to extend static configurations with sets of dynamic event driven configuration, making your IAM projects resilient against change and highly adaptable. Learn the secrets of coding, versioning, and replaying configurations, ensuring your Keycloak setup is robust, future-proof and, most of all, dynamic.
Join Maik Kingma for a session that blends technical mastery with the lore of IAM, equipping you with the knowledge to wield dynamic configuration like a true sorcerer. By the end, your Keycloak projects will be fortified, ready to face any IAM challenge ahead.
In the field of AI agents, the Model Context Protocol (MCP), which makes it easy for an AI agent/tool to connect to internal/external services, has become a hot topic.
When an AI agent/tool implementing an MCP client accesses a remote external service implementing an MCP server, end user authentication and authorization is sometimes required. According to the MCP specification, OAuth 2.1 needs to be used for that, which implies that there is the possibility of using Keycloak for end user authentication and authorization because Keycloak supports OAuth 2.1.
Firstly, Takashi talks about MCP briefly and describes end user authentication and authorization of MCP in more detail. After that, the speaker shows the possible system configuration that includes Keycloak as a part of the MCP server.
Why change from Arquillian? What are the new framework's key features? How does it all work, and where do I start? All of these questions and more will be answered in this session. By the end, you'll have a clear understanding of how to leverage the Keycloak Test Framework to write more effective tests, save time, and improve the overall quality and maintainability.
As a foundational step, we aim to enable Keycloak to seamlessly support both explicit and automatic client registration under OpenID Federation, acting as both an OP and an RP within the identity federation using OpenID Connect and OAuth 2.0. We'll show how to enable and configure OpenID Federation on a per-realm basis through the admin console using mandatory and optional realm settings. Our presentation will delve into the REST API and code implementation, with a particular focus on the explicit registration process. We'll also engage in a discussion about outstanding issues, open technical challenges, and future considerations, including the implementation of other OpenID Federation components.
A key use case for this development is the EOSC Beyond project, where Keycloak-powered identity and access management services will participate in the European Open Science Cloud identity federation, leveraging the OpenID Federation specification. This will greatly simplify integration and enhance scalability across the EOSC ecosystem by enabling secure, interoperable access to resources. To bring it all to life, we'll offer a practical demonstration showcasing OpenID Federation in the project context.
Van der Valk Hotel Amsterdam Zuidas – RAI
Tommaso Albinonistraat 200
Zuideramstel
1083 HM Amsterdam
Netherlands
Please use Google Maps to find out how to get there.