Confirmed consultants for SSO, Authentication or identity management.
OAuth2.0, OpenID Connect with solutions like Keycloak, Ory Hydra or Gluu Server
| See what we do every daySenior consultant, worked for companies like Berger-Levrault or OVH.
SSO specialist architect with multiple user sources (LDAP, AD, other IDPs)
Favorite work tool : a white board.
Senior consultant, worked on complex systems from conception to development.
Can adapt Keycloak for ANY use case by high skills and knowledge in extensions development.
Favorite work tool : a fully functional prototype
By default, a client has "roles" scope as "default" so a user will have all affected clients roles in its tokens. Learn how and why you must restrict roles in tokens by turning off "full scopes allowed" switch.
Posted on Mon 2 December 2024
Create your own nocode event-listener for Keycloak with n8n.
Posted on Wed 20 November 2024
How to spawn a simple bind LDAP proxy for keycloak OIDC password grant in a nutshell.
Posted on Mon 16 September 2024
With Google Apps Script, we created a gmail extension that interacts with Gitlab
Posted on Mon 09 September 2024
Learn how to enrich native metrics in Keycloak with Micrometer
Posted on Mon 08 August 2024
Introduction to authenticator development : display an alert message during login process if Keycloak is not up to date
Posted on Thu 07 March 2024
Authenticate users in n8n workflow with openid connect, example with Keycloak.
Posted on Wed 29 November 2023
After years of consulting, we created our own authorization platform that perfectly fits with all needs we have seen.
Posted on Mon 06 November 2023
Check bad configuration in Keycloak, connected to your monitoring.
Posted on Thu 28 September 2023
Postgrest is an API generator from PostgreSQL databases, let's see how we can deploy and use it on Clever-Cloud.
Posted on Fri 18 August 2023
Use your own Keycloak as SSO for Airtable.
Only available for the "enterprise" plan, you can add your own SSO to your Airtable organization. Lets take a look how to integrate Keycloak.
Posted on Fri 10 March 2023
Keycloak now supports Authentication Context Class Reference parameter for different Level of Authentication. It means that you can define different level of authentication in a single flow.
Posted on Wed 8 November 2022
A little tool written in bash for understanding CIBA authentication protocol.
Posted on Wed 26 October 2022
When you add external identity providers to your Keycloak Realm, it retrieves tokens from your identity providers, then sends back to your application a new access_token from your Keycloak Realm.
What about the original token ?
Posted on We 20 October 2022
How and why we added a module for postgres authentication that supports oauth2. This PAM module is also usable for all Unix authentication methods.
Posted on Thu 01 September 2022
Keycloak generates a session on each user login. Those sessions are replicated in infinispan caches. Sometimes, we only need a token, not a session. This is how to do it.
Posted on We 16 March 2022
Keycloak.x will become the reference soon.
According to the Blog Post, Keycloak 18 will not support Wildfly, after that no wildfly version... Now it is time to migrate !
We are still waiting for a Kubernetes operator with Keycloak.X, in this post we will see how to build your own cluster based on Keycloak.X 16.1.0
Posted on We 05 January 2022
At please-open.it we use Keepass for passwords management. This simple and open source solution gives us entire satisfaction, only with a shared file on our internal cloud.
We tried to improve a lot the user experience by creating the simpliest passwords manager application.
Posted on Mo 03 January 2022
UMA 2.0 is known as a delegation of authorizations standard. Keycloak is fully compatible with UMA 2.0.
With a bash tool developped by please-open.it, let's see how to use UMA 2.0
This article explains what is UMA 2.0 with an example using our new bash tool : uma-bash-client.sh
Posted on Fr 13 August 2021
Keycloak 13.0 now supports device code flow. Lets take a tour of how to use it.
Posted on Thr 06 May 2021
Action tokens are a particular type of token that allows unauthenticated users to perform some limited and predefined actions.
In this article we will see how to use them to create authenticated download links with a simple and short PHP script intended to run on shared web hosting.
Posted on Fri 09 April 2021
There are several methods for authentication : certificates, passwords, pincode, webauthn, One Time Password...
Choosing an authentication method is not a technical choice : it has hudge impacts on security but also on User eXperience.
This article shows several demos, built with Keycloak, and let you have a perception of User eXperience for each authentication method.
Posted on Fri 02 April 2021
Action tokens are a particular type of token that allows unauthenticated users to perform some limited and predefined actions.
Usual use case are :
This article explains what is an action token and how to use it to authenticate users from a link inside a newsletter
Posted on Fri 08 January 2021
A year ago, Keycloak Team introduced Keycloak.X distribution : https://www.keycloak.org/2019/10/keycloak-x
We were very excited about this project :
Now, our infrastructure has migrated to Keycloak.X. Any (free) account on our plateform is now running on Keycloak.X distribution.
Posted on Mon 22 December 2020
A link between an LDAP directory to Keycloak could be considered as a "must have". Many times, companies want to connect their directory to a Keycloak. Keycloak could be considered as an "OpenId Connect proxy" between webapps and an Active Directory.
Keycloak can retrieve users from LDAP, synchronize groups, roles or custom attributes. Let's have a complete tour of what you can do with this connector.
Posted on Mon 27 September 2020
Authorization code grant (also named "auth_code") is one of the most popular authentication method on the web. Every oauth2 provider implements this flow which is the best for web authentication. Facebook, Google, Twitter, Linkedin... all of them use it (or partially, we will explain why).
Posted on Wed 02 July 2020
Autoriser les accès à mon API à des services tiers :
Posted on Wed 23 April 2020
OpenVPN allows usage of PAM modules. By using an oauth2 client PAM module and
password grant, we can use our own SSO (Keycloak) to authenticate users on a VPN infrastructure.
For Oauth2 providers which do not allow Password Grant, we will use a "token authentication" by
providing a
valid token instead of a password. Code and demo with Google as authentication provider.
Posted on Thu 2 April 2020
Oauth2 dans le monde des ops :
Posted on Wed 25 March 2020
With your team, and a white board, understanding the possibilities of a SSO for your use cases.
Ensure the security and efficiency of your authentication systems through our comprehensive audit services
Need custom login actions ? Specific identity providers or users databases ? Almost everything is possible
Craft robust and scalable authentication architectures tailored to your business objectives.
Any question ? Want more information ? Follow us or you can reach out to us via email.