We are excited to announce beta availability of Red Hat Single Sign-On 7.1 (RH-SSO). RH-SSO is a standards-based, out-of-the-box authentication, web single sign-on, and authorization service, which mediates between your enterprise user directory or third-party identity provider for identity information and your applications via standards-based tokens.
Features and Highlights
OPENID CONNECT CERTIFICATION
The Keycloak version included in Red Hat Single Sign-On (RH-SSO) 7.1 conforms to the 5 OpenID Connect profiles: Basic, Implicit, Hybrid, Config, and Dynamic. Certification was achieved in Keycloak v2.3 (http://openid.net/certification/). Future RH-SSO versions will remain compatible with these profiles, unless documented otherwise.
CLIENT ADAPTER FOR RED HAT JBOSS FUSE
RH-SSO 7.1 features a new client adapter for Red Hat JBoss Fuse, which enables securing web application archives (WARs), servlets, Apache routes and Apache CXF endpoints deployed on JBoss Fuse, in both Apache Karaf and Red Hat JBoss Enterprise Application Platform (JBoss EAP).
NODE.JS CLIENT ADAPTER
RH-SSO 7.1 includes a new Node.js client adapter, which enables use of RH-SSO 7.1 Server for authentication and web single sign-on for Node.js applications.
EXTERNALIZED AUTHORIZATION SERVICE
RH-SSO 7.1 introduces a new authorization service feature-set, based on the User Managed Access specification. This enables RH-SSO 7.1 Server to act as a policy administration point, policy decision point, or policy information point, separating the authorization logic from the application.
USER STORAGE SPI
RH-SSO 7.1 features a new user storage SPI that you can use to implement your own custom user storage federation provider, such as a relational or NoSQL database, to enable federation of users from any user store.
RH-SSO 7.1 adds an integration with System Security Services Daemon (SSSD) in Red Hat Enterprise Linux (RHEL) 7.3. This enables use of SSSD as a user federation provider in front of a Microsoft Active Directory forest.
CLIENT REGISTRATION CLI
RH SSO 7.1 introduces a command-line interface (CLI) for developers to register client applications on RH-SSO Server.
RH-SSO 7.1 introduces a new RPM distribution for Red Hat Enterprise Linux 6 and 7. The RH-SSO Server is provided in its own channel; the client adapters for JBoss EAP 6 and 7 are provided in their respective JBoss EAP x86_64 channels. The JBoss Fuse and Node.js client adapters are not available as RPMs.