Securing Hadoop Big Data Landscape with Apache Knox Gateway and Keycloak: Part 1(Keycloak’s introduction)

June 13, 2019 1 comment Article Technology

In this post we will cover the topic of securing your Hadoop infrastructure using Apache Knox and Keycloak. We will start with a general introduction of the projects involved and the will look at a sample configuration of both.

Keycloak’s introduction

Keycloak is an open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code.

Commercially supported by RedHat.

Apache Knox in itself provides SSO capabilities but is not a complete identity management solution. So to authenticate our applications and micro services we will delegate the authentication part to Keycloak. Some of the features of Keycloak are

  • Single-Sign OnLogin once to multiple applications
  • Standard ProtocolsOpenID Connect, OAuth 2.0
    and SAML 2.0
  • Centralized Management For admins and users
  • Adapters to secure applications and services easily available for the following platforms
    • Java
      • JBoss EAP
      • WildFly
      • Fuse
      • Tomcat
      • Jetty 9
      • Servlet Filter
      • Spring Boot
      • Spring Security
    • JavaScript (client-side)
      • JavaScript
    • Node.js (server-side)
      • Node.js
    • C#
      • OWIN (community)
    • Python
      • oidc (generic)
    • Android
      • AppAuth (generic)
      • AeroGear (generic)
    • iOS
      • AppAuth (generic)
      • AeroGear (generic)
    • Apache HTTP Server
      • mod_auth_openidc
    • SAML
  • LDAP and Active Directory
  • Social Login
  • Identity Brokering(OpenID Connect or SAML 2.0 IdPs)
  • Clustering
  • Themes
  • Extensible through code
  • Password Policies

So as you can see Keycloak has an exhaustive list of features for an Identity server and if your organization already is using an identity management server you can also delegate the actual authentication to it by configuring an Identity Broker.

Getting Started with Keycloak

The only prerequisite is to have Java installed on your machine, after that getting started with Keycloak is as easy as downloading the standalone server distribution from the keycloak’s website and heading to the “bin” directory of the server distribution and run the “standalone” boot script.

Linux/Unix
$ cd bin $ ./standalone.sh
Windows
> ...\bin\standalone.bat

1 comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

This site uses Akismet to reduce spam. Learn how your comment data is processed.