Securing Infinispan With Keycloak

Infinispan is often used in scenarios where low-latency access to data is critical, such as caching frequently accessed database queries, session data in web applications, or other use cases where quick access to data can improve overall system performance.
Keycloak is an open-source identity and access management solution developed by Red Hat.
Keycloak is designed to simplify the implementation of security protocols and standards such as OAuth 2.0, OpenID Connect, and SAML. Some key features include Single Sign-On, Identity Brokering, User Authentication, User Federation, RBAC, and more.
Keycloak uses Infinispan as its underlying data store for caching and storage purposes.
Infinispan provides scalable and efficient caching of authentication and authorization-related data.
Some of the ways Keycloak uses Infinispan include caching user sessions, storing authorization policies, providing distributed caching, improving performance, failover recovery, and more.
Infinispan provides several ways to handle authentication and user management.
Token-based authentication is supported, and Keycloak can be used for that purpose.
Because we're going to run Keycloak in one container and Infinispan in another, let's set up a network to connect them.
The Keycloak image creates an administrator user when the KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD environment variables are defined.
Keycloak realms are a fundamental concept in Keycloak.
Once we have the two clients created, we need to create an admin user for Infinispan.
The Infinispan Server will be reaching out to the Keycloak Server inside the Docker environment.
Accessing the following URL provides the information used by the Infinispan Web console to handle authentication.
The Infinispan Console uses the information above and, through the Keycloak JavaScript adapter, redirects to Keycloak for user authentication.
When opening the Infinispan Console, Infinispan will attempt to make a call to a REST API that requires authentication.
You'll be redirected to the Keycloak login page, where you should use the credentials admin/adminPassword.
After Keycloak redirects back to the Infinispan Console, you can verify that the admin is authenticated.
Return to the Infinispan Console, and you'll notice that the admin user is now granted the admin role in Infinispan as well.
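The steps above end with Infinispan trusting a Keycloak-issued bearer token and granting the admin realm role as its own admin role. The following is an added illustration, not code from the article or from the Infinispan or Keycloak projects, of what that validation and role mapping involves on the resource-server side: the signature is checked before anything in the token is trusted, the algorithm is pinned rather than read from the token, and issuer, audience and expiry are enforced. To stay dependency-free it signs with HS256 and a constructed shared secret; real Keycloak tokens are RS256-signed and Infinispan validates them through its token realm and Keycloak's introspection endpoint. The realm URL, client id, secret and role mapping are all constructed values.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values for this example; none of them come from the article.
ISSUER = "http://keycloak:8080/realms/infinispan"   # hypothetical realm issuer URL
AUDIENCE = "infinispan-server"                       # hypothetical Keycloak client id of the server
SECRET = b"constructed-shared-secret"                # HS256 key; Keycloak really uses RS256 key pairs

# Keycloak realm role -> Infinispan role. A user holding the admin realm role
# ends up with the admin role in Infinispan, as the article describes.
ROLE_MAP = {"admin": "admin", "application": "application", "observer": "observer"}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(signing_input: bytes, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input, hashlib.sha256).digest()


def issue_token(subject, realm_roles, secret=SECRET, lifetime=300, now=None):
    """Mint a token shaped like a Keycloak access token: iss, aud, sub, exp, realm_access.roles."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {
        "iss": ISSUER,
        "aud": AUDIENCE,
        "sub": subject,
        "iat": now,
        "exp": now + lifetime,
        "realm_access": {"roles": list(realm_roles)},
    }
    signing_input = (_b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(payload).encode())).encode()
    return signing_input.decode() + "." + _b64url(_sign(signing_input, secret))


def verify_token(token, secret=SECRET, now=None):
    """Check signature, algorithm, issuer, audience and expiry; return the claims or raise ValueError."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # the verifier, not the token, decides the algorithm
    expected = _sign((header_b64 + "." + payload_b64).encode(), secret)
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")  # nothing in the payload is trusted before this point
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    if AUDIENCE not in aud:
        raise ValueError("token not intended for this server")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    return claims


def infinispan_roles(claims):
    """Map the realm roles carried in the token to Infinispan roles; unknown roles are ignored."""
    realm_roles = claims.get("realm_access", {}).get("roles", [])
    return {ROLE_MAP[r] for r in realm_roles if r in ROLE_MAP}


def authorize(token, required_role, secret=SECRET, now=None):
    """True only if the token validates and grants the required Infinispan role."""
    try:
        claims = verify_token(token, secret, now)
    except ValueError:
        return False
    return required_role in infinispan_roles(claims)


if __name__ == "__main__":
    tok = issue_token("admin", ["admin", "offline_access"], now=1_700_000_000)
    print(authorize(tok, "admin", now=1_700_000_100))  # True
    print(authorize(tok, "admin", now=1_700_001_000))  # False: expired
```

The order of checks is the point worth keeping: a tampered payload, a token from another realm, a token minted for a different client, or an expired one each fails before any role is read, and a role Keycloak grants that has no Infinispan counterpart simply confers nothing.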
Learn more about it in the Keycloak and Infinispan documentation.


This Cyber News was published on feeds.dzone.com. Publication date: Wed, 10 Jan 2024 19:13:06 +0000

