Reputation: 1185
Keycloak and spring security usage
I have used spring security in the past and understand that most of the features of keycloak can be achieved by using spring security ( ldap integration etc ).
Apart from easy social media login validation, are there any other unique features in key cloak which cannot be done using spring security?
Upvotes: 2
Views: 1956
Answers (2)
Reputation: 2779
Keycloak allows you:
- to use multiple user storage and get users from multiple LDAP/AD or Kerberos or use without any LDAP.
- to login once (SSO) and forget about to login from another application with GUI;
- to use one authorization server for multiple application by separation them by realms. One thing should be noted: keycloak could be installed on multiple nodes for better reliability; This also could helpful when application become big and once you decide to separate it on multiple.
- to add user additional attributes and fields during get user info without coding (trivial example - set phone number) or specific roles (on realm or even client level) or groups and use all this on the top of an AD attributes;
- to configure password rules like password expiration, e-mail validation and so on;
- to set up 2-factor authorization with SMS or Email.
These things I think could be implemented using Spring Security, but it takes more time than Keycloak installation and configuration. Personally, I am using Keycloak in multiple commercial projects and could claim that Keycloak is good.
Upvotes: 2
Reputation: 1592
With spring-security you would have to create Spring authentication server and explicitly configure/code certain things for integration with LDAP, OAuth2/OIDC providers.
Keycloak is already OAuth2/OIDC/SAMPL compliant IAM provider. It provides features like User Federation with options like LDAP, integration with other OIDC provider etc.
Keycloak provides SPI integration points where you can customize the request flow, use OTP, perform two factor authentication, add google CAPTCHA, or even your CAPTCHA. It provides role based authorization too if you need.
It also provides event handling integration points for events like Login, logout, refresh token, etc.
Keycloak Community will keep adding new features or keep supporting it w.r.t. changes in OAuth2, OIDC, SAML. You don't need to worry about updating your code time to time. Along with this, security updates will be there.
There are many more features.
Most importantly, why reinvent the wheel, if you get these many features and good support.
Upvotes: 3
Related Questions
- Keycloak Spring boot configuration
- Keycloak and Spring Boot: session creation policy
- Keycloak 4.0.0 Beta 2 with Spring Boot 2
- Keycloak Integration with Spring Boot
- Keycloak Policy Enforcing
- Spring Boot Configuration -- keycloak
- Secure methods using SpringBoot and Keycloak
- Spring boot and Keycloak
- Keycloak + Spring Security, through local login form
- Keycloak security for Spring base rest apis