23 April, 2024
High Performance and Availability Keycloak Upgrade @ Quarkus for Insurance and Banking Identity Management

In our quest for optimized identity and access management (IAM), we embarked on Project Upgrade Keycloak, a transformative initiative aimed at modernizing our customer’s Keycloak infrastructure. During the project we navigated the intricacies of Keycloak’s architecture to implement the modifications needed for the upgrade to the most recent version, Keycloak 23.0.

Introduction to Keycloak:

At the heart of our IAM strategy lies Keycloak, a comprehensive identity management platform renowned for its single sign-on (SSO), identity brokering, user federation, and centralized user management capabilities. Its architecture, built on modern technologies, seamlessly integrates with diverse applications and systems, irrespective of their technology stack or deployment environment. Keycloak’s extensibility and scalability align perfectly with our vision, making it our preferred choice for IAM solutions for our customers in the banking and insurance industry.

Quarkus as a building block for Keycloak

Quarkus, an open-source, Kubernetes-native Java framework, revolutionizes the landscape of enterprise application development with its unparalleled efficiency and speed.

Key highlights of Quarkus include:

  • Lightning-fast Startup Times: Quarkus boasts remarkably swift startup times, enabling rapid deployment and iteration cycles, thereby enhancing our development agility.
  • Optimized Memory Footprint: With its small memory footprint, Quarkus optimizes resource utilization, allowing us to scale our applications efficiently while minimizing infrastructure costs.
  • Superior Developer Experience: Quarkus simplifies the development process with its intuitive APIs, streamlined tooling, and comprehensive documentation, empowering our developers to deliver high-quality solutions swiftly.
  • Native Compilation: Quarkus’s native compilation capabilities enable us to build lightweight, standalone executables, facilitating seamless deployment across diverse environments and architectures.
  • Seamless Integration with Keycloak: Quarkus seamlessly integrates with Keycloak, enabling us to leverage its powerful capabilities while harnessing the performance benefits of Quarkus for our IAM infrastructure.

Incorporating Quarkus into our Keycloak ecosystem has been instrumental in enhancing performance, scalability, and developer productivity.

Project approach and challenges

Key Changes in Keycloak Upgrade:

  • Customizing Keycloak Image: Our journey involved reconfiguring how certificates are imported from the trust store, ensuring seamless integration with our existing infrastructure.
  • Crucial Engine Transition: Keycloak's migration from the WildFly (JBoss) application server to Quarkus, in effect from version 17.0.0 onwards, marked a significant architectural shift, promising enhanced performance and scalability tailored to our specific needs.

Our Implementation Strategies:

The implementation phase of our project was characterized by meticulous planning and execution to minimize disruptions and ensure a smooth transition. We adopted the following strategies:

  • Transforming Existing Applications: We refactored legacy applications into modern web components, leveraging the latest web technologies to enhance user experience and compatibility across our ecosystem.
  • Revamping OIDC Authorization: Our team undertook a comprehensive transformation of Keycloak clients, aligning OIDC authorization mechanisms with industry best practices and security standards across versions.
  • Enhancing Token Management with Mappers: Inclusion of mappers in access token construction and userinfo responses facilitated finer control over authorization policies and attribute mapping, empowering us to tailor access controls to our specific requirements.
  • Strengthening Secure Communication: Incorporating CA certificates for HTTPS communication with identity providers fortified the security posture of our entire ecosystem, safeguarding sensitive data in transit.
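
One way to review mapper configuration after such an upgrade, as an added example (not code from the project described here): it reads a client entry from a realm export and reports claims that reach the access token or the userinfo response outside an allow-list. The client, mapper names and allow-list are constructed, and a missing flag is reported as `unset` for manual review rather than assumed to be off.

```python
import json

# Constructed sample: a trimmed client entry from a Keycloak realm export.
# Client id, mapper names and attribute names are hypothetical.
SAMPLE_CLIENT = json.loads("""
{"clientId": "policy-portal", "protocolMappers": [
  {"name": "customer-number", "protocol": "openid-connect",
   "config": {"user.attribute": "customerNumber", "claim.name": "customer_number",
              "access.token.claim": "true", "userinfo.token.claim": "true"}},
  {"name": "date-of-birth", "protocol": "openid-connect",
   "config": {"user.attribute": "birthdate", "claim.name": "birthdate",
              "access.token.claim": "true", "userinfo.token.claim": "false"}},
  {"name": "branch", "protocol": "openid-connect",
   "config": {"user.attribute": "branch", "claim.name": "branch",
              "access.token.claim": "false"}}
]}
""")

# Mapper config flags that decide where a claim is emitted.
FLAGS = {"access.token.claim": "access_token", "userinfo.token.claim": "userinfo"}
RANK = {"no": 0, "unset": 1, "yes": 2}
# Constructed allow-list: where each claim is permitted to appear.
ALLOWED = {"customer_number": {"access_token", "userinfo"},
           "birthdate": {"userinfo"}, "branch": {"access_token"}}

def claim_exposure(client):
    """Return {claim: {place: 'yes' | 'no' | 'unset'}} for the OIDC mappers."""
    result = {}
    for mapper in client.get("protocolMappers", []):
        if mapper.get("protocol") != "openid-connect":
            continue
        cfg = mapper.get("config", {})
        claim = cfg.get("claim.name") or mapper.get("name", "<unnamed>")
        places = result.setdefault(claim, {})
        for flag, place in FLAGS.items():
            value = cfg.get(flag)
            state = "unset" if value is None else ("yes" if str(value).lower() == "true" else "no")
            # Several mappers can feed one claim: keep the most exposed state.
            places[place] = max(places.get(place, "no"), state, key=RANK.get)
    return result

def violations(client, allowed):
    """List (claim, place, state) emitted, or possibly emitted, outside `allowed`."""
    return sorted((claim, place, state)
                  for claim, places in claim_exposure(client).items()
                  for place, state in places.items()
                  if state != "no" and place not in allowed.get(claim, set()))
```

Calling `violations(SAMPLE_CLIENT, ALLOWED)` on the constructed data flags `birthdate` in the access token and the `branch` mapper's unset userinfo flag.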

Navigating Challenges Together:

Despite meticulous planning, our journey was not without challenges:

  • Development Environment Hurdles: Issues with the development environment hindered our progress initially, prompting us to undertake troubleshooting and optimization efforts to create a conducive workspace for our development activities.
  • Test Environment Instability: The instability of our test environment posed challenges in validating changes and conducting comprehensive testing, necessitating proactive measures to mitigate risks and ensure reliable testing outcomes.

Conclusion

Our journey with the Upgrade Keycloak project for the banking and insurance industry epitomizes our commitment to innovation and collaboration in navigating the complexities of modern IT solutions. As Keycloak and Quarkus continue to evolve, driven by our collective efforts and contributions, we remain poised to meet the ever-changing demands of the IAM landscape, unlocking new possibilities for our organization and our clients.