Flexible Method for Supporting OAuth 2.0 Based Security Profiles in Keycloak
Abstract
Keycloak is open-source identity and access control software. In open banking, many OAuth 2.0 clients need to be managed and a different OAuth 2.0-based security profile needs to be applied to each type of API. In this setting the managerial costs borne by the Keycloak administrator increase, because Keycloak's security profile logic depends on the client settings and cannot be changed for each client's request. This paper proposes a solution that separates the security profile logic from the client settings and changes the security profile for each client's request based on the content of the request; the actual security profiles of Financial-grade API (FAPI) are implemented in Keycloak. The paper calculates the managerial costs of both the existing and the proposed methods in scenarios managing FAPI, and compares the results. The comparison shows that using the proposed method reduces costs. Our implementations are contributed to Keycloak.
Citation
Norimatsu, T., Nakamura, Y. & Yamauchi, T. (2022). Flexible Method for Supporting OAuth 2.0 Based Security Profiles in Keycloak. In: Roßnagel, H., Schunck, C. H. & Mödersheim, S. (Eds.), Open Identity Summit 2022. Bonn: Gesellschaft für Informatik e.V. (pp. 87-98). DOI: 10.18420/OID2022_07
BibTeX
@inproceedings{mci/Norimatsu2022,
author = {Norimatsu, Takashi AND Nakamura, Yuichi AND Yamauchi, Toshihiro},
title = {Flexible Method for Supporting OAuth 2.0 Based Security Profiles in Keycloak},
booktitle = {Open Identity Summit 2022},
year = {2022},
editor = {Roßnagel, Heiko AND Schunck, Christian H. AND Mödersheim, Sebastian} ,
pages = { 87-98 } ,
doi = { 10.18420/OID2022_07 },
publisher = {Gesellschaft für Informatik e.V.},
address = {Bonn}
}
Files | Size |
---|---|
proceedings-07.pdf | 467.7Kb |
More Info
DOI: 10.18420/OID2022_07
ISBN: 978-3-88579-719-7
ISSN: 1617-5468
Date: 2022
Language: en
Content Type: Text/Conference Paper