Okay. We have covered a lot of ground so far and you can see we are working a way round the dial here, but we are now going to dive into authentication. Because authentication and authorization are super important, you need to be secure in your microservices. So, how do you do that? We actually have a solution called Keycloak, and it is actually -- that is the upstream project called Keycloak, it is also known as a Red Hat SSO that is the part of the subscription when you have a supported product from JBoss middleware and part of the Red Hat organization. But in this case SSO is handled by an individual server, the Keycloak server that then can be applied to any endpoint that you have out there throughout your entire distributed system, and it can actually be used for your mobile applications, or for your web standard web application, you have an AngularJS application, et cetera. 

It is super easy to integrate, we actually provide you the JavaScript file, and then you are off and running. So, let me show you how to kind of set this up and how this demo works. Okay. So, the first thing you should understand is, again, it is all part of our standard bit.ly-msa instructions that I showed you earlier, the big document. It talks about how to get the SSO is setup and configured. By the way if you run our Ansible playbook it actually sets all this up for you automatically, so that's at top of the document. But you can kind of see at the, if we look at our page. 

Okay, this is our application right here, you see how it says unauthorized, and it's on this SSO tab. If I look over here, you kind of see there is the SSO, and actually let’s go up here a little bit and see, right here. So, this flag right there, basically says If SSO is enabled, actually show that tab, that is part of the magic that is happening here, and then there is this sso.js, right here. Okay? 

Single sign on JavaScript, if we actually open that file, and I have already opened it here for you. You kind of see what is going through here. it is basically ensuring that things were authenticated using Keycloak. Right? See the keycloak command right here, and we are doing a secured_ajax call against a, and we are passing in the authorization, read the Bearer token right here. And then we are actually invoking a server-side endpoint that's specifically secured, and requires that this token be set, as an example. The way that server side end point is secured, in this case, this is hola, right? Which is the Wildfly Swarm one, the Java EE one. 

You see it says api/hola-secured is the secured one, that is the one that is locked down. You can see, you have to be a user to get access to it, and KEYCLOAK is the authentication mechanism. So, that is where that is set. And then over here you can kind of see hola-secured, and so this guy right here does have the task of grabbing this Principal, actually saying that this user has access, is all that is really doing, and: This is a Secured resource. You are logged in as user. So, you don’t actually have to use that API, it is specifically there to kind of grab the username and display it to user. And then, and yes, so, just come over here and actually do the login. 

Okay. So, I am going to login on this guy here, all right, make that little bigger. Oops. You got a spell the username correctly, user user, login there. All right. There we go. And now it says: This is a secured resource. You are logged in as an Example User. Which is our name, example user. Now it should be noted, this is all being managed in the backbone of the application with, if we go back to our. Let’s go back over here, to our console, all right. Our OpenShift console, let me get logged in here. 

Here we go. And this is SSO, so this is the Keycloak server running here and you can kind of see, here is the Admin console that I have already up and running. You kind of see how it is configured, this is a very light weight configuration but there is a lot of capability here. So, I will encourage you to spend some time exploring it. You can actually have Keycloak manage the login screen for you. It takes care of the login screen, it takes care of registration screen, you kind of see what different users can do based on that, can Forgot password capability, Remember me capability, Verify email capability, you just flip these bits on, and the login screen works accordingly. So, I say login screen, I mean this screen you saw over here. All right. 

You can add additional capabilities here very easily, based on what you define here on the admin side of Keycloak. You can kind of see, though that I don’t have a session, that is because I did log out. But if we come back here and log back in again, all right. You will see that we have a session. Here we go. And here, and there is our frontend session. The frontend client has now connected again. So, that concept makes security super easy, one place I encourage you to go and check things out is there is a great spring-boot-keycloak-tutorial, here at the sebastien’s Git hub account. 

So, I encourage you to check that out, walk through it all, and then of course you can kind of see how securing a spring-boot application will look like as a good example. Okay. So, authentication is super easy and in course it's been addressed specifically here in this demo. 

Again, don’t forget that our key demo we'll be walking you through the day, gives you access to all this, and you can kind of try it out for yourself. So, we have more to show you, so stick with us.