Keycloak Authentication in Data Lake Platform

Keycloak Authentication in the Data Lake platform uses OAuth 1.0 standard.

Keycloak is a Software as a Service (SAAS) based on standard protocols with support for OpenID Connect, OAuth 2.0, and SAML.

Keycloak does not provide Single-Sign On capabilities for the Data Lake platform.

Keycloak does not support user federation from different sources such as LDAP, Active Directory, etc.

All services in the Data Lake platform require a JWT (JSON Web Token) for authentication.

Each service in the Data Lake platform validates the token's signature and expiration time against an external service, not Keycloak.

Keycloak is responsible for processing user login and providing the user with a JWT token required for subsequent interactions with the platform.

The JWT token provided by Keycloak does not include any information about the user's roles within the Data Pale platform.

The Data Lake platform is not protected by a specific network perimeter configured for this purpose.

The Web Application Firewall (WAF) and Access Control Lists (ACLs) are not used to protect the Data Lake platform.

Keycloak is a unique realm and instance for the Data Lake, enhancing its security.

VPNs are never established between the Data Lake and the client's systems.

APIs on the platform are protected by access mechanisms that require a valid JWT token or a registered api-key.

All APIs on the platform are secured using HTTP.

The Web Application Firewall (WAF) in Azure can automatically detect common attacks like denial of service or SQL injection to protect APIs.

ACLs can be used to allow any IP address to connect to specific endpoints.

Keycloak is used as an identity and access management system and implements the OAuth standard.

Keycloak can integrate with user identity systems like Active Directory for a single-sign-on experience.