Leanpub Header

Skip to main content
Go to Leanpub.comLeanpub

Building Identity Systems That Don’t Break

Spring Boot, Spring Security, Keycloak, Okta SAML 2.0, and Just-In-Time Provisioning

Binit Datta

SSO works—until it doesn’t.

This book shows what really happens after login: identity brokering, federation, Just-In-Time provisioning, sessions, cookies, logout failures, and trust boundaries—built with Spring Boot, Spring Security, Keycloak, and Okta SAML.

Learn how enterprise identity systems behave in production, not just in demos.

Minimum price

$19.00

$29.00

You pay

$29.00

Author earns

$23.20
$

...Or Buy With Credits!

You can get credits with a paid monthly or annual Reader Membership, or you can buy them here.
PDF
About

About

About the Book

Single Sign-On looks easy—until it isn’t.


Most teams can make a login screen work. Many can integrate an IdP. Very few truly understand what happens after authentication: how identity is brokered, how users are provisioned safely, how sessions and logout propagate across systems, and why production identity failures are so difficult to diagnose.


This book is written for engineers and architects who want to build identity systems that don’t break.


What This Book Is Really About


This is not another “how to configure SSO” guide.


This book is about enterprise identity brokering—the discipline of placing a trusted intermediary between applications and external identity providers, and using that broker to control authentication, authorization, provisioning, lifecycle, and auditability without hard-coding identity logic into every app.


Using Spring Boot, Spring Security, Keycloak, and Okta (SAML 2.0), you will learn how real-world identity systems behave under load, during failures, and across organizational boundaries.


You will see identity as a system of protocols, state, trust, and lifecycle—not just login screens and tokens.


Why This Book Exists


There are excellent books on Spring Security.


There are excellent books on Keycloak.
There is extensive documentation for Okta.

But production systems do not use these tools in isolation.

In real enterprises:

  • Identity is federated across companies
  • Users are created dynamically
  • Attributes arrive late—or incorrectly
  • Logout is unreliable
  • Audit trails matter
  • Compliance teams ask uncomfortable questions
  • And failures surface months after go-live

This book fills the gap between documentation and production reality.


What You Will Learn

By the end of this book, you will be able to:

  • Design an identity brokered architecture instead of coupling apps directly to IdPs
  • Run Keycloak as a standalone enterprise Identity Provider
  • Build a local user directory with Spring Boot and MySQL
  • Integrate Spring Security applications using Keycloak-native authentication
  • Federate external identity using Okta SAML 2.0
  • Configure SAML attribute statements correctly for enterprise use
  • Implement Just-In-Time (JIT) user provisioning
  • Write Keycloak First Broker Login and Post Login authenticators
  • Trace full login and logout flows at the HTTP, cookie, and session level
  • Understand why logout breaks—and how to design around it
  • Diagnose identity failures using protocol-level thinking, not guesswork


How This Book Is Different

This book is:

  • Protocol-first, not UI-first
  • Failure-aware, not happy-path only
  • Production-oriented, not demo-driven
  • Architectural, not checkbox-based

You will see:

  • Real HTTP call sequences
  • Cookie and session behavior explained
  • SAML requests and responses dissected
  • Identity flows visualized with diagrams
  • Common enterprise failure modes called out explicitly

Every chapter builds mental models—not just configurations.


Who This Book Is For

This book is ideal for:

  • Senior Software Engineers
  • Enterprise & Solution Architects
  • Identity & Access Management (IAM) practitioners
  • Platform and Security Engineers
  • Tech Leads responsible for SSO in production
  • Architects migrating legacy authentication systems
  • Anyone who has ever said:
    “SSO works… except sometimes.”

If you have ever debugged a broken login at 2 a.m., this book was written for you.


What You Will Walk Away With

You will not just know how to configure identity.

You will understand:

  • Why identity systems fail
  • Where to place responsibility
  • How to reason about trust
  • How to design for change

And most importantly—you will be able to explain identity systems clearly to engineers, auditors, and leadership alike.

Share this book

Categories

Computer SecurityCryptography

Feedback

Email the Author

Author

About the Author

Binit Datta

Binit Datta is a strategic, customer-centric technology leader with over three decades of experience designing, building, and operating large-scale enterprise systems across more than ten business verticals and numerous Fortune 50 organizations. His career has been defined by a rare ability to bridge deep technical execution with business outcomes—using architecture not as an academic exercise, but as a practical tool to deliver reliability, scalability, and measurable customer value.

With expertise spanning enterprise architecture, identity and access management, cloud platforms, security, and modern application development, Binit has consistently worked at the intersection of systems that must perform under real-world pressure. He is particularly known for his focus on prevention over cure—helping organizations avoid costly production failures through deep system understanding, fast root-cause analysis, and disciplined architectural thinking.

A passionate mentor and lifelong learner, Binit believes the most valuable technologists are those who can see beyond silos—understanding applications, platforms, and identity infrastructure as a single, interconnected system. In an era increasingly shaped by generative AI, his work advocates for the enduring importance of human judgment, architectural fluency, and customer-focused problem solving.

This book reflects that philosophy: written for practitioners who want to understand not just how systems work, but why they behave the way they do—and how that understanding translates into lower MTTR, stronger customer trust, and sustained product innovation.

Get the free Community Edition

You can get the free Community Edition in PDF or EPUB just by sharing your name and email address with the author, or you can just click this link to read a shorter sample online...

 

The Leanpub 60 Day 100% Happiness Guarantee

Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.

Now, this is technically risky for us, since you'll have the book or course files either way. But we're so confident in our products and services, and in our authors and readers, that we're happy to offer a full money back guarantee for everything we sell.

You can only find out how good something is by trying it, and because of our 100% money back guarantee there's literally no risk to do so!

So, there's no reason not to click the Add to Cart button, is there?

See full terms...

Earn $8 on a $10 Purchase, and $16 on a $20 Purchase

We pay 80% royalties on purchases of $7.99 or more, and 80% royalties minus a 50 cent flat fee on purchases between $0.99 and $7.98. You earn $8 on a $10 sale, and $16 on a $20 sale. So, if we sell 5000 non-refunded copies of your book for $20, you'll earn $80,000.

(Yes, some authors have already earned much more than that on Leanpub.)

In fact, authors have earned over $14 million writing, publishing and selling on Leanpub.

Learn more about writing on Leanpub

Free Updates. DRM Free.

If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).

Most Leanpub books are available in PDF (for computers) and EPUB (for phones, tablets and Kindle). The formats that a book includes are shown at the top right corner of this page.

Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.

Learn more about Leanpub's ebook formats and where to read them

Write and Publish on Leanpub

You can use Leanpub to easily write, publish and sell in-progress and completed ebooks and online courses!

Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks.

Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. (Or, if you are producing your ebook your own way, you can even upload your own PDF and/or EPUB files and then publish with one click!) It really is that easy.

Learn more about writing on Leanpub