Authentication - feel the user experience

There are several methods for authentication : certificates, passwords, pincode, webauthn, One Time Password…

Choosing an authentication method is not a technical choice : it has hudge impacts on security but also on User eXperience.

This article shows several demos, built with Keycloak, and let you have a perception of User eXperience for each authentication method.

Read full post gblog_arrow_right

Action token, an idea for newsletter authentication

Action tokens are a particular type of token that allows unauthenticated users to perform some limited and predefined actions.

Usual use case are :

  • E-mail confirmation
  • Credentials reset
  • Execute required action(s)
  • and any action relevant with the flow and your use cases…
  • This article explains what is an action token and how to use it to authenticate users from a link inside a newsletter
Read full post gblog_arrow_right

OpenVPN and Keycloak : Link your VPN Infrastructure with your SSO

OpenVPN allows usage of PAM modules. By using an oauth2 client PAM module and password grant, we can use our own SSO (Keycloak) to authenticate users on a VPN infrastructure.

For Oauth2 providers which do not allow Password Grant, we will use a “token authentication” by providing a valid token instead of a password. Code and demo with Google as authentication provider.

Read full post gblog_arrow_right