Open-source SSO and access management in one
The solution is based on Keycloak, an open-source standalone server provided by Red Hat, and gives a central single sign-on point for the entire production environment. It offers a wide variety of authentication methods (for example, login and password from Active Directory, or automatic login using the Kerberos protocol), some of which result from the specifics of the telecommunications sector. One of the biggest challenges was migrating all user sub-identities, tied to the separate login databases of some of the systems, to one global identity. This concerns not only internal employee accounts but also external partners and, most importantly, clients.
As for the scope of the implemented features, propagating the SSO session, using the highest security standards in a microservices-based environment, is not the system's only task: it also provides access management for the related systems. When the SSO system creates a user-to-system mapping, it also requests the specific subsystem to create a local account with the given role and the resulting list of privileges.
The design of the final solution meets the requirements of the Continuous Integration methodology, which was one of the most important points for our client. Subsystems can automatically request changes to their privilege lists as a result of a new microservice version being deployed to the production environment. The central SSO system provides role management features that link privileges to specific system roles. These roles are then provisioned to the subsystems.
In conclusion, the solution provided by BlueSoft is based on standards such as JWT, SAML 2.0, OAuth 2.0 and OIDC, and contains a mechanism for multi-step authentication, in which a single step is one of the implemented ways to authenticate to the system, with support for additional methods such as SMS tokens or X.509 certificates. This is a very important aspect for external companies, all of which want to integrate easily for authentication using standardized and the most secure methods.
More information about Keycloak can be found at: http://www.keycloak.org/