Lead Image © Kirsty Pargeter, 123RF.com
Single sign-on with Keycloak
Master of the Keys
Single sign-on (SSO) offers many advantages, and SSO providers can provide valuable services in terms of user account security. Although each user only needs to remember one password to access different services (which is not to be confused with a user simply using the same password for different services), the providers themselves do not have any knowledge of the password used. If a data leak occurs in one of the services, passwords will not fall easily into the hands of criminals. The service exclusively relies on the SSO provider to verify the user's identity securely. For some providers, the identity itself is not important, the only important thing is to identify the same person beyond any doubt.
To use SSO, you are not dependent on the three major players, Google, Facebook, or OpenID. Although you have a number of smaller and specialized providers from which to choose, you can also set up an SSO service yourself. Often the commercial "Atlassion Crowd" SSO server is used, which acts as the authentication center for Atlassian's own services (e.g., Jira, Confluence, Bitbucket). If you want to set up your own server, you can also start with the open source alternative Keycloak [1]. The software, developed by Red Hat, has been around since 2014 and is currently being developed under the umbrella of the JBoss application server.
DIY SSO
The advantage of operating an SSO server like Keycloak yourself is that you can include virtually any existing directory service. Your users can then use the same credentials as on their domain machines or for accessing email. As the client protocol, Keycloak supports OpenID Connect or the somewhat older SAML (security assertion markup language). If you have the choice, the Keycloak developers recommend OpenID Connect, which is an extension of OAuth 2.0 and offers JSON web tokens, among other
...
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Single sign-on like the big guys
Keycloak is a robust and mature project that provides a modern single sign-on authorization experience and centralized authentication of your apps. -
Registry for Docker images
Running your own registry for Docker images is not difficult. We'll show you how to get started using the free docker_auth software. -
LDAP integration with popular groupware suites
Your LDAP directory holds user data for the whole network. Why not save time and avoid duplication by integrating the LDAP directory with your groupware environment? -
Quick and easy SaaS provisioning for OpenLDAP
Provisioning SaaS apps for OpenLDAP users with Okta Cloud Connect lets you retain control of your users' data and access to applications, yet gives them the tools they want. -
A feature-rich drop-in-replacement for Microsoft Exchange
Grommunio is a completely open source and fully compatible drop-in replacement for Microsoft Exchange that uncouples your company from Microsoft's cloud strategy and its severe security and data protection issues.
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
