Flexible Method for Supporting OAuth 2.0 Based Security Profiles in Keycloak

Takashi Norimatsu, Yuichi Nakamura, Toshihiro Yamauchi

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution

Abstract

Keycloak is open-source identity and access management software. When it is used for open banking, where many OAuth 2.0 clients must be managed and a different OAuth 2.0-based security profile must be applied to each type of API, the Keycloak administrator's managerial costs increase, because Keycloak's security profile logic depends on the client settings and cannot be changed for each client's request. This paper proposes a solution that separates the security profile logic from the client settings and selects the security profile for each client's request based on the content of that request; actual Financial-grade API (FAPI) security profiles are implemented in Keycloak using this method. The paper calculates the managerial costs of both the existing and the proposed method in scenarios where FAPI is managed, and compares the results. The comparison shows that the proposed method reduces costs. Our implementations have been contributed to Keycloak.

Original language: English
Title of host publication: Open Identity Summit 2022 - Proceedings
Editors: Heiko Rossnagel, Christian Schunck, Sebastian Modersheim
Publisher: Gesellschaft fur Informatik (GI)
Pages: 87-98
Number of pages: 12
ISBN (Electronic): 9783885797197
Publication status: Published - 2022
Event: Open Identity Summit 2022 - Copenhagen, Denmark
Duration: Jul 7 2022 - Jul 8 2022

Publication series

Name: Lecture Notes in Informatics (LNI), Proceedings - Series of the Gesellschaft fur Informatik (GI)
Volume: P-325
ISSN (Print): 1617-5468

Conference

Conference: Open Identity Summit 2022
Country/Territory: Denmark
City: Copenhagen
Period: 7/7/22 - 7/8/22

Keywords

  • FAPI
  • Keycloak
  • OAuth 2.0
  • Open Banking
  • Open Source
  • Security Profile

ASJC Scopus subject areas

  • Computer Science Applications
