Some concepts of Keycloak

 

Users

A user is an entity that can log in to the system and can have attributes such as email, username, address, phone number, etc.

A user can join a group and become a group member.

A user can be assigned roles.

 

Authentication

The process of identifying and authenticating a user.

 

Authorization

The process of authorizing a user, that is, granting the user access.

 

Credentials

Credentials are pieces of data that Keycloak uses to identify and verify a user, such as passwords, one-time passwords, digital signatures, and fingerprints.

 

Roles

A role is a classification of users, such as administrator, ordinary user, manager, ordinary employee, etc.

Applications generally assign permissions to designated roles rather than directly to users.

 

Roles are divided into realm-level roles and client-level roles.

A user can hold realm-level roles and, at the same time, client-level roles of different clients.

 

User role mapping

A user can be associated with zero or more roles. These associations can be included in tokens or assertions, and applications can perform access control based on these mappings.

 

 

Composite roles

A composite role can be associated with multiple ordinary roles. For example, the composite role superuser can be associated with the sales-admin and order-entry-admin roles. A user who has the superuser role effectively has both the sales-admin and order-entry-admin roles as well.

 

Groups

Groups make users easier to manage.

Attributes can be defined for groups.

Roles can be assigned to groups.

Group members automatically inherit the group's attributes and roles.
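The sketch below is an added example, not Keycloak's own code. It shows how a user's effective roles follow from the user role mapping, composite roles and group inheritance described above. The user names, group names and the nested sales-viewer role are assumptions made for illustration; only superuser, sales-admin and order-entry-admin come from the text.

```python
# Simplified model of role resolution, not Keycloak code.
# All users, groups and role links below are constructed sample data.
COMPOSITES = {
    "superuser": {"sales-admin", "order-entry-admin"},   # example from the text
    "sales-admin": {"sales-viewer"},                     # hypothetical nested composite
}
GROUP_ROLES = {"managers": {"superuser"}, "staff": {"order-viewer"}}
USERS = {
    "alice": {"roles": {"order-viewer"}, "groups": {"managers"}},
    "bob": {"roles": set(), "groups": {"staff"}},
}


def expand(roles, composites):
    """Return the given roles plus every role reachable through composites."""
    effective, stack = set(), list(roles)
    while stack:
        role = stack.pop()
        if role in effective:        # already expanded; also breaks cycles
            continue
        effective.add(role)
        stack.extend(composites.get(role, ()))
    return effective


def effective_roles(username, users=USERS, group_roles=GROUP_ROLES,
                    composites=COMPOSITES):
    """Direct role mappings + roles inherited from groups, composites expanded."""
    user = users[username]
    assigned = set(user["roles"])
    for group in user["groups"]:
        assigned |= group_roles.get(group, set())
    return expand(assigned, composites)


def holders(role, users=USERS):
    """Audit helper: every user who effectively holds `role`."""
    return sorted(name for name in users if role in effective_roles(name))


if __name__ == "__main__":
    for name in USERS:
        print(name, sorted(effective_roles(name)))
    print("order-entry-admin held by:", holders("order-entry-admin"))
```

In this model a single composite role assigned to a group gives every member several roles, so an access review should look at the expanded set rather than at the direct assignments alone.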

 

Realms

A realm manages a set of users, credentials, roles, and groups.

A user belongs to a realm.

A user can only log in to one realm.

Realms are isolated from each other.

Each realm can only manage and authenticate the users that it controls.

 

 

Clients

Clients are entities that can request Keycloak to authenticate a user.

In most cases, clients are applications and services that want to use Keycloak to secure themselves and provide a single sign-on solution.

Clients can also simply request identity information or access tokens, so that they can safely call other services protected by Keycloak.

 

Client adapters

A client adapter is a plug-in that you install in your application environment. Once installed, the application can communicate with Keycloak and be secured by Keycloak.

Keycloak provides different adapters for different application environments, which can be downloaded.

For application environments where Keycloak does not provide an adapter, adapters developed by third parties can be used.

 

 

 

 

 

 

 

 

 
