Deploy Keycloak Single Sign-On With Ansible

In this article, you'll use Ansible to simplify and automate the installation of Keycloak, a popular open-source tool to implement single sign-on for Web applications.
The tutorial in this article builds on an Ansible Collection named middleware_automation.keycloak, which has been specifically designed for this endeavor.
To make use of this tutorial, you need a Red Hat Enterprise Linux or Fedora system, along with version 2.9 or higher of Ansible.
Redhat csp: This collection allows Ansible to connect to the Red Hat Customer Portal to download Red Hat's single sign-on technology, which is a productized and supported version of Keycloak.
Wildfly: Keycloak runs on top of the Wildfly application server, including Red Hat JBoss Enterprise Application Platform, which is the version of Wildfly supported by Red Hat.
Depending on the configuration of the machine used as the Ansible controller, you might need to add some Python dependencies so that Ansible will have the libraries required to make use of the collection.
Thanks to the dedicated collection you just installed, automating the installation and configuration of Keycloak is easy.
Before you implement this inside your playbook, we should recap what we mean here by installing Keycloak.
The playbook begins by defining a variable for the Keycloak server administrative user.
Note that, because this variable is a password, it should really be secured using Ansible Vault or some other secrets management system.
The configuration then adds the Ansible collection for Keycloak to the list used by the playbook and adds the associated middleware_automation.keycloak role to the list of roles that the playbook uses.
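A playbook of the shape described above, with the administrative password moved into Ansible Vault, might look like the following. This is an added example, not the article's own playbook: the file path `vars/keycloak_vault.yml` and the variable `vault_keycloak_admin_password` are hypothetical, `keycloak_admin_password` is assumed to be the variable the role reads, and the 12-character minimum is an arbitrary illustrative threshold.

```yaml
# Added example; names marked "assumed" are not taken from the article.
# playbook.yml
- name: Install Keycloak with a vaulted admin password
  hosts: all
  become: true
  vars_files:
    # Encrypted at rest; created with: ansible-vault create vars/keycloak_vault.yml
    - vars/keycloak_vault.yml            # assumed path
  vars:
    # Weak form: the secret sits in clear text in the playbook and in
    # version control ("changeme" is a constructed sample value).
    # keycloak_admin_password: "changeme"
    #
    # Hardened form: the playbook only carries an indirection; the real
    # value lives in the encrypted vars file under the vault_ name.
    keycloak_admin_password: "{{ vault_keycloak_admin_password }}"  # assumed names
  collections:
    - middleware_automation.keycloak
  pre_tasks:
    - name: Refuse to run with a missing or short admin password
      ansible.builtin.assert:
        that:
          - vault_keycloak_admin_password is defined
          - vault_keycloak_admin_password | length >= 12   # illustrative threshold
        quiet: true
      no_log: true                       # keep the value out of task output
  roles:
    - keycloak
```

Run it with `ansible-playbook playbook.yml --ask-vault-pass` so the vault is decrypted only in memory at execution time.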
Ansible/collections/ansible collections/middleware automation/keycloak/roles/keycloak/tasks/restart keycloak.
Figure 1: The Keycloak administrative site should be running on your local computer.
To summarize, at the end of this playbook execution, you'll have a running systemd service managing an instance of Keycloak.
By using Ansible and the Ansible Collection for Keycloak as outlined in this article, you can fully automate the deployment of a single sign-on server.
In this article, Ansible has performed all the heavy lifting: downloading software, preparing the operating system, deploying the binary files and the configuration, setting up the service, and even preparing the required administrative account.
The Ansible Collection for Keycloak allows you to streamline the installation and configuration of Keycloak, thus enabling you to scale deployments as necessary and ensure repeatability across them all.
In an upcoming article, we'll discuss how to further automate Keycloak's single sign-on service by creating realms and their members using Ansible.


This Cyber News was published on feeds.dzone.com. Publication date: Mon, 11 Dec 2023 17:43:05 +0000

