Announcing Integrated Web Single Sign-On and Identity Federation

Red Hat recently released a new web single sign-on (SSO) server, based on the upstream Keycloak project. Now you have an out-of-the-box SAML 2.0 or OpenID Connect-based identity provider, fully supported, which mediates with your enterprise user directory or third-party identity provider for identity information and your applications via standards-based tokens. Keycloak is the next-generation replacement for PicketLink in the JBoss middleware technologies. Eventually, Keycloak will also provide single sign-on for Red Hat Cloud Suite and management products like Red Hat Satellite.

Feature Overview

At its core, Keycloak is a SAML 2.0 or OpenID Connect-based identity provider.

There is more information on the Customer Portal to go in-depth into features and configuration.

Client Support

Keycloak has a central identity server, and clients connect to it through their identity management configuration, assuming they have the appropriate adapter or module.

Keycloak supports a number of different clients:

  • Red Hat JBoss Enterprise Application Platform 6.4 and 7.0
  • Red Hat JBoss Fuse 6.2 (as tech preview)
  • Red Hat Enterprise Linux 7.2, through the mod_auth_mellon module for SAML 2.0

Identity Federation

Keycloak can be used for user federation with LDAP-based directory services, including:

  • Microsoft Active Directory
  • RHEL Identity Management

Additionally, Keybloak supports SPNEGO-based Kerberos with both Microsoft Active Directory and RHEL Identity Management.

Identity Brokering

Keycloak integrates with social login providers for user authentication, including:

  • Facebook
  • Google
  • Twitter

Administrative Interfaces

The Keycloak server, identity realms, and clients can be administered through a web-based GUI or through REST APIs. This allows you to completely design the sign sign-on environment, including users and role mapping, client registration, user federation, and identity brokering operations.

Subscriptions and support lifecycle

Single sign-on is currently  available via the JBoss Core Services Collection, on a 3-year support lifecycle. We anticipate offering Keycloak-based SSO as a service on Red Hat OpenShift Container Platform and Red Hat Mobile Application Platform, and as a federated identity provider for Red Hat OpenStack Platform.

The long-term vision is that Keycloak can be used to centralize user and client identities and to federate identity providers. This will stretch across existing infrastructure such as internal user directories or external cloud-based identity providers, such as social networks, and will provide SSO and identity federation across Red Hat products.

Event-driven computing with Red Hat JBoss Data Grid

The convergence of Mobile, Social, Big Data, and Cloud has placed increasing demands on today’s applications to react instantaneously to changes in data at a large scale. A delay of a few seconds can mean the difference between engaging or losing a customer for a retailer, increased liquidity or fraud risk for a financial institution, or escalation of an adverse occurrence in a manufacturing process or IoT network.

Continue reading “Event-driven computing with Red Hat JBoss Data Grid”