Username or email and password ​

Overview ​

The traditional method where users provide a unique username or email and password combination through a login form.

Use cases ​

IAM ​

This authentication method is commonly employed in customer-facing applications, making it particularly valuable for businesses offering online services such as e-commerce platforms, mobile applications, or online banking.

It ensures a seamless and secure login experience for customers, enhancing user satisfaction and trust.

CIAM ​

This authentication approach also serves the needs of business-to-business (B2B) companies seeking to streamline access for their partners or vendors. By leveraging existing external Active Directory (AD) or LDAP systems, organizations can centralize account management and standardize login methods across their ecosystem.

This facilitates efficient collaboration while maintaining robust security measures.

Pros & Cons ​

Pros ​

• Enhanced user experience: This authentication method offers a familiar and straightforward login process for users, contributing to a positive user experience.

• Versatility: Suitable for a wide range of use cases, including customer-facing applications (CIAM) and business-to-business (B2B) scenarios with external AD or LDAP integration (IAM).

Cons ​

• Security concerns: While widely used, passwords can be vulnerable to various security threats such as brute-force attacks, phishing, and password reuse.

Supported by Keycloak ​

Yes, natively supported and configurable on Managed Keycloak by Cloud-IAM.

Configuration ​

How to configure Username or Email and Password on Keycloak ​

The following tutorial provides a quick example of configuring the "Username or Email and Password" method to help you navigate Keycloak and test it with the Keycloak test application (https://www.keycloak.org/app/). This tutorial does not cover all the necessary security best practices for a complete configuration.

Create a new Keycloak realm ​

1. From Keycloak console, select dropdown list (1.)
2. Click on Create Realm(2.)
3. Name your new realm (here : tutorial-demo)
4. Click on Create

Realm setting ​

1. Select your new realm from the dropdown list (here : tutorial-demo)
2. Click on Realm Setting
3. Then click on Login

On this part you can define multiple rules such as :

• User registration
• Forget Password
• Remember Me
• [...]

Client settings - Step 1 "General settings" ​

1. From Keycloak console click on Clients
2. Then click on Create client
3. Enter the Client ID of your client: here “tutorial-test”, provide a name “tutorial-test-client”
4. Click on Next

Client settings - Step 2 "Capability Config" ​

1. Enable Client authentication
2. Unselect Direct access grants
3. Click on Next

Client settings - Step 3 "Login settings" ​

1. Complete:

• Valid redirect URIs (Keycloak test Application , here : "https://www.keycloak.org/app/*")
• Valid post logout redirect URIs (here : "+")
• Web origins (here : "+")

2. Click on Save
3. Then log out of your Keycloak

Client settings - Step 4 "Keycloak test application" ​

1. On another window browser open: Keycloak test application
2. Complete your:

• Keycloak URL (here : https://your-keycloak-url)
• Realm Name (Previously new realm created, here : “tutorial-demo")
• Client (Previously client ID created, here : “tutorial-test”)

3. Click on Save
4. Then click on Sign in

As you can see that you have been successfully redirected to your Keycloak to connect with your login / password from Keycloak test application.

Resources ​

• Quickstart
• Customize login pages and themes
• Customize password policies and security
• RedHat documentation