Keycloak / Aerobase
Knowledge shared by Aviad
Keycloak
Keycloak is an open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code.
- Keycloak supports single sign-on (SSO) login.
- Keycloak also supports login with username/password.
To integrate Keycloak with Windows Active Directory we need to (in Kryon's case):
- Integrate with LDAP, which means that user accounts will be provisioned from the LDAP server.
- Add a service principal for the "HTTP" service (with a keytab file). For example, if your Keycloak server will be running on www.mydomain.org, you may need to add the principal HTTP/www.mydomain.org@MYDOMAIN.ORG, assuming that MYDOMAIN.ORG will be your Kerberos realm.
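One way to create that HTTP service principal and its keytab on a domain-joined Windows machine, with the checks worth running around it (an added example, not part of the original note or of the Keycloak/Aerobase documentation). The service account name, keytab path and service identity are assumptions; the host and realm are the sample values used above. It assumes a domain admin session with the RSAT ActiveDirectory module installed.

```powershell
# Added example. Names marked "assumed" are placeholders to adapt.
$Realm      = 'MYDOMAIN.ORG'                  # Kerberos realm (AD domain, upper case)
$HostFqdn   = 'www.mydomain.org'              # name browsers use to reach Keycloak
$SvcAccount = 'svc-keycloak'                  # assumed: dedicated AD service account
$Keytab     = 'C:\Aerobase\keycloak.keytab'   # assumed: keytab output path
$RunAs      = 'NT AUTHORITY\SYSTEM'           # assumed: identity the Keycloak service runs as

$Spn       = "HTTP/$HostFqdn"
$Principal = "$Spn@$Realm"

# 1. Look for the SPN before creating it. An SPN registered on a second
#    account makes the KDC unable to issue tickets for the service.
Write-Host "Current registrations of ${Spn}:"
setspn -Q $Spn

# 2. Allow AES256 on the account so the keytab does not have to carry RC4 keys.
Import-Module ActiveDirectory
Set-ADUser -Identity $SvcAccount -KerberosEncryptionType AES256

# 3. Map the principal to the account and export the keytab.
#    "-pass *" prompts for the password; by default ktpass also RESETS the
#    account password to that value, so use an account dedicated to this.
ktpass -out $Keytab -princ $Principal -mapUser "$SvcAccount@$Realm" `
       -pass * -ptype KRB5_NT_PRINCIPAL -crypto AES256-SHA1

if (-not (Test-Path $Keytab)) {
    throw "ktpass did not produce $Keytab; fix the error above before continuing."
}

# 4. The keytab holds the service's long-term key: anyone who can read it can
#    impersonate the HTTP service. Drop inherited ACLs and grant only what is needed.
icacls $Keytab /inheritance:r /grant:r "${RunAs}:(R)" "BUILTIN\Administrators:(F)"

# 5. Confirm the SPN now sits on the service account and nowhere else.
setspn -L $SvcAccount
setspn -X    # reports duplicate SPNs in the domain
```

The principal in the keytab must match the host name users type in the browser; if the site is reached under a different name, the SPN and keytab need to be issued for that name instead.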
More about Keycloak: https://www.keycloak.org/about.html
Aerobase
Aerobase is a wrapper on top of Keycloak that makes it easier to configure and deploy in a Windows environment (Keycloak is inside the Aerobase MSI package).
Aerobase benefits over bare Keycloak:
- One-stop-shop configuration file (aerobase.rb file) that can be reconfigured easily by running the ‘aerobase-ctl.bat reconfigure’ command.
- Nginx web server wrapper.
- Wraps the user management console WildFly server behind a reverse proxy.
- Easy TLS support.
- Wraps Keycloak as a Windows service.
More about Aerobase: https://aerobase.io/