Upgrade to Pro — share decks privately, control downloads, hide ads and more …

AuthN & AuthZ with distributed systems

thanhgit
April 29, 2022
Technology
0
130

AuthN & AuthZ with distributed systems

- Understanding about AuthN & AuthZ
- Understanding about keycloak solution
- Demo AuthN & AuthZ with keycloak, gitlab, kong, backend apps

thanhgit

April 29, 2022
Tweet

More Decks by thanhgit

See All by thanhgit
Developer portal
thanhgit
0
50
AWS ECS fargate
thanhgit
0
99
AWS Lambda function
thanhgit
0
110
CICD from on-premise to cloud
thanhgit
0
140
Infra as Code (terraform)
thanhgit
0
93
Accessing RDS from local
thanhgit
0
78
Pritunl VPN Server
thanhgit
0
110
Permission design
thanhgit
0
69
Blockchain - góc nhìn về kĩ thuật và ứng dụng
thanhgit
0
230

Other Decks in Technology

See All in Technology
いざ、BSC討伐の旅
nikinusu
2
780
Making your applications cross-environment - OSCG 2024 NA
salaboy
0
180
フルカイテン株式会社 採用資料
fullkaiten
0
40k
これまでの計測・開発・デプロイ方法全部見せます! / Findy ISUCON 2024-11-14
tohutohu
3
370
AWS Media Services 最新サービスアップデート 2024
eijikominami
0
200
開発生産性を上げながらビジネスも30倍成長させてきたチームの姿
kamina_zzz
2
1.7k
Introduction to Works of ML Engineer in LY Corporation
lycorp_recruit_jp
0
110
Evangelismo técnico: ¿qué, cómo y por qué?
trishagee
0
360
BLADE: An Attempt to Automate Penetration Testing Using Autonomous AI Agents
bbrbbq
0
300
Lexical Analysis
shigashiyama
1
150
[FOSS4G 2024 Japan LT] LLMを使ってGISデータ解析を自動化したい!
nssv
1
210
スクラムチームを立ち上げる〜チーム開発で得られたもの・得られなかったもの〜
ohnoeight
2
350

Featured

See All Featured
Imperfection Machines: The Place of Print at Facebook
scottboms
265
13k
Typedesign – Prime Four
hannesfritz
40
2.4k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
131
33k
Thoughts on Productivity
jonyablonski
67
4.3k
For a Future-Friendly Web
brad_frost
175
9.4k
Bootstrapping a Software Product
garrettdimon
PRO
305
110k
Build your cross-platform service in a week with App Engine
jlugia
229
18k
Fantastic passwords and where to find them - at NoRuKo
philnash
50
2.9k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
44
2.2k
Designing the Hi-DPI Web
ddemaree
280
34k
10 Git Anti Patterns You Should be Aware of
lemiorhan
654
59k
Gamification - CAS2011
davidbonilla
80
5k

Transcript

  1. AuthN & AuthZ with distributed systems By Thanh Nguyen

  2. What authentication & authorization

  3. Why do you need authenticate and authorize ? - About

    user: - Protect your data (sensitive data) with user identity (authentication) - Ensure that your business operate in security way - About system: - Data don’t affect each other between tenants in application - Each user type have behaviours differently perspective roles - Interact service-to-service, user-to-service in security way ...

  4. Available solution - Self-built as a service or apart of

    software - Pros: full control - Cons: waste time - Using 3rd party such as Facebook, google+, … - Pros: quickly development - Cons: dependent to external organization - Buy enterprise solution: cisco, ibm, oracle, ... - Pros: full support, utility - Cons: high cost - Self-host open source based authorization server: keycloak, ory/hydra, … - Pros: can customize - Cons: have complexity to develop and operate

  5. Technical requirements - Single sign on (SSO) such as google,

    gitlab, sentry, … - Basic authentication - Authorize webs, apps

  6. Appropriate solution - Keycloak as IAM services - Keycloak support

    for integrate for kong api gateway, app, ... - Keycloak support for Single Sign-On with google for gitlab, sentry, mastermost, …

  7. Multi-factor authentication

  8. Centrally user management

  9. Single Sign-On

  10. Use case: Keycloak + kong api gateway

  11. None

  12. Demo - Demo authN with Single Sign-On - Sequence diagram

    - Login gitlab with basic authentication (username / password) - Login gitlab with 3rd party (google) - Demo authZ - Sequence diagram - Designing roles - Assign user to role - Call api with postman

  13. Demo authN with SSO

  14. Login gitlab

  15. Redirect to keycloak login

  16. Authenticate with username / password

  17. Return dashboard of kong user

  18. Authenticate with google

  19. None
  20. None
  21. None

  22. Demo authZ

  23. Designing roles for demo project in keycloak

  24. Assign user1 to admin role in keycloak

  25. Assign user2 to user role in keycloak

  26. Get access token of admin role

  27. Call api with admin role access token

  28. Get access token of user role

  29. Call api with user role access token

  30. Bonus: OAuth 2.0 pattern - Authorization code grant flow -

    Implicit grant flow - Resource owner password credentials grant flow - Client credentials grant flow

  31. Authorization code grant

  32. Implicit grant flow

  33. Resource owner password credentials grant flow

  34. Client credentials grant flow

  35. References https://www.keycloak.org/getting-started/getting-started-docker https://www.jerney.io/secure-apis-kong-keycloak-1/ https://github.com/d4rkstar/kong-konga-keycloak

  36. THANK FOR LISTENING