please-open.it

please-open.it

@please-open-it.bsky.social

We can help you on your authentication Keycloak experts

41 Followers 3 Following 14 Posts Joined Oct 2023
Posts Following
1 week ago
Get self-locking sessions in Keycloak with PIN step-up authentication Keycloak supports of Authentication Context Class Reference allows you to add so low friction PIN re-authentication for sensitive actions. Adressing one of the most and unadressed problem of authentic...

Lock your session without logging out in Keycloak by using a PIN code

blog.please-open.it/posts/acr-lo...

2 3 0 0
1 month ago
Keycloak OAuth2-Proxy Configuration Generator: Simplify Your Reverse Proxy Authentication Setup Discover our new Keycloak SPI extension that automatically generates OAuth2-Proxy configurations. Export ready-to-use environment variables or complete configuration files directly from your Keycloak ...

oauth2proxy configuration generator for Keycloak
blog.please-open.it/posts/oauth2...

0 2 0 0
1 month ago
Why Your European Business Is Probably Breaking GDPR Law Right Now How american and european laws are conflicting putting european businesses in an impossible situation.

European Companies: if you host your data with a US cloud provider, you are not GDPR-compliant. ⚠️
The Cloud Act overrides data location.
Yes, even if your servers are in Europe.
⬇️
blog.please-open.it/posts/cloud-...

1 0 0 1
2 months ago
Authentication Proxy: Simplify Authentication in Any Application Discover how to add authentication to any application without code changes using our NGINX-based OpenID Connect proxy. Separate authentication from development, define public vs private URLs, and depl...

An authentication proxy is the best pattern for deploying SSO on existing and new apps.
The proxy is in charge of the authentication mechanism, the application receive authenticated requests with the user's details in HTTP Headers.
blog.please-open.it/posts/auth-p...

0 2 0 0
3 months ago
Preview
GitHub - please-openit/jwt-decode-bash: a bash script to decode and verify jwt tokens a bash script to decode and verify jwt tokens. Contribute to please-openit/jwt-decode-bash development by creating an account on GitHub.

After oidc-bash, we tried to make a JWT Decoder in bash. It was so complicated with the signatures!

github.com/please-openi...

3 3 0 0
3 months ago
Preview
GitHub - please-openit/keycloak-user-attribute-regexp-mapper Contribute to please-openit/keycloak-user-attribute-regexp-mapper development by creating an account on GitHub.

Another module for Keycloak :
user attribute regexp mapper

Because in Keycloak user attributes are multivalued (with ability to aggregate them with "user attribute mapper"), we added a regexp filter only to send back attribute if it matches.

github.com/please-openi...

0 1 0 0
4 months ago
Preview
GitHub - please-openit/keycloak-groups-regexp-mapper Contribute to please-openit/keycloak-groups-regexp-mapper development by creating an account on GitHub.

New Keycloak module : groups regexp mapper. Map only groups (to a token, userinfo...) that only matches to a RegExp

github.com/please-openi...

0 0 0 0
7 months ago
A custom http header to token claim mapper for Keycloak Map an HTTP header value to a claim in a token. This solution was needed for a specific use case : keep the user locale.

Map HTTP headers to claims in tokens. We built this to support locales during a client_credentials authentication process

blog.please-open.it/posts/keyclo...

1 2 0 0
7 months ago
Post image

We built a desktop JWT decoder, directly accessible from the system tray :

blog.please-open.it/posts/jwt_de...

github.com/please-openi...

2 0 0 1
9 months ago
User Agent Filter Authenticator We develop a new plugin for Keycloak that filters the user-agent header on authentication request.

An authenticator to match rfc8252 8.12 ! "native apps MUST NOT use embedded user-agents to perform authorization requests and allows that authorization endpoints MAY take steps to detect and block authorization requests in embedded user-agents"
blog.please-open.it/posts/user-a...

0 1 0 0
1 year ago
Please Open It Blog Keycloak as a service - oauth2/openid connect consulting

Deploy keycloak on dokku
Ready for production, with themes and SPIs built directly
please-open.it/blog/keycloa...

1 2 0 0
1 year ago
Post image

In Keycloak, you MUST take a look and uncheck "full scope allowed" checkbox if you use roles.
blog.please-open.it/full-scope-a...

0 1 1 1
1 year ago
Please Open It Blog Keycloak as a service - oauth2/openid connect consulting

a "no code" event-listener for Keycloak with @n8n-io.bsky.social
blog.please-open.it/event-listen...

1 2 0 0
2 years ago
Our vision about authorizations After years of consulting, we created our own authorization platform

How and why we built our own authorizations platform. Spoiler : avoid "authorizations as code" platforms, what you need is a specific data model for your needs
blog.please-open.it/authz/

5 2 0 0