This weekend, the team will complete the first phase of upgrading some of the components of the data centre infrastructure. Over almost a week, the databases were upgraded to the latest version with new parameter groups to improve performance. This is followed by the rollout of the upgraded Keycloak system for various apps within the portal.
Keycloak is a software product that provides single sign-on with identity and access management, aimed at modern applications and services. As of March 2018, this WildFly community project is under the stewardship of Red Hat, which uses it as the upstream project for its RH-SSO product. For this upgrade, we are using the latest technology from the manufacturer to deliver the Keycloak installation raw on steel. Our goal was to improve usage efficiency by moving away from the Docker environment.
The transition to an SSO environment will take place in stages. Recoding the login procedure and activating a new configuration in the Keycloak system are necessary to complete the process.
Along with the new raw-on-steel installation of the Keycloak system, we are migrating towards the SSO environment. With a single sign-on authentication scheme, a user can log in with a single ID to any of several related, yet independent, software systems. With true single sign-on, the user logs in once and accesses services without having to enter authentication factors again.
Keycloak and Single Sign-On (SSO) are crucial elements in modern identity and access management (IAM) systems. Single Sign-On is an authentication process that lets users access multiple applications with a single set of login credentials. By logging in once, users can access all authorized services without having to remember and enter usernames and passwords for each application separately. In an application ecosystem, Keycloak is frequently employed as the identity provider that implements SSO.
Keycloak’s key features are as follows:
- Keycloak enables you to define and manage user identities, groups, and roles. Users can be classified into groups for easier access control and have various attributes.
- Authentication is supported through various methods, including username/password, social login (like Google or Facebook), and multi-factor authentication (MFA) for enhanced security.
- Fine-grained authorization policies and role-based access control (RBAC) are provided by Keycloak to control who can access which resources.
- Enabling SSO is a key feature of Keycloak. Logging in once allows users to access multiple applications without having to enter credentials for each one.
The typical way our SSO works is:
- When a user tries to access an application, they are redirected to an SSO identity provider (like Keycloak) for authentication.
- The user enters their credentials (username and password) or uses another authentication method (e.g., social login, MFA) to authenticate.
- A token containing user information and claims is issued by the identity provider after successful authentication.
