Best Approach for Integrating Keycloak with ERP System for IAM and SSO in Microservices Architecture

embesozzi · November 28, 2024, 12:35pm

Follows the identity standards. OIDC AuthN and OAuth 2.0 AuthZ (more accurately, access delegation)
It’s all about your “P*P” architectures (PIP, PDP, PEP, etc.)
SPA or Native Apps Authorization Code Flow with PKCE
Depends on your point 2). It’s not mandatory, but it’s common.Nevertheless, Spring Boot comes Spring Security’s OAuth 2.0 . Here’s a reference for other approach [1]
Review OIDC [2], OAuth 2.0 [3]
[1] Mastering Access Control: Low-Code Authorization with ReBAC, Decoupling Patterns and Policy as Code | by Martin Besozzi | Medium
[2] Final: OpenID Connect Core 1.0 incorporating errata set 2
[3] RFC 6749 - The OAuth 2.0 Authorization Framework

Topic		Replies	Views
Help with keycloak implementation in web project with spring boot 3.1.4 and angular 16.2.0 Securing applications	1	613	December 5, 2023
So many choices Getting advice authentication , saml	0	529	September 1, 2020
Concept for single page application and backend service Getting advice	3	2460	November 5, 2021
Securing React app with Spring Boot backend Getting advice	6	6627	April 30, 2022
Best practice for role/permission management Getting advice	1	3413	March 5, 2020