We are excited to announce beta availability of Red Hat Single Sign-On 7.1 (RH-SSO). RH-SSO is a standards-based, out-of-the-box authentication, web single sign-on, and authorization service, which mediates between your enterprise user directory or third-party identity provider for identity information and your applications via standards-based tokens.

Beta documentation and code downloads are available in the Customer Portal. RPM packages are available for Linux systems through Red Hat Subscription Management.

Features and Highlights

OPENID CONNECT CERTIFICATION

The Keycloak version included in Red Hat Single Sign-On (RH-SSO) 7.1 conforms to the 5 OpenID Connect profiles: Basic, Implicit, Hybrid, Config, and Dynamic. Certification was achieved in Keycloak v2.3 (http://openid.net/certification/). Future RH-SSO versions will remain compatible with these profiles, unless documented otherwise.

 

CLIENT ADAPTER FOR RED HAT FUSE

RH-SSO 7.1 features a new client adapter for Red Hat Fuse, which enables securing web application archives (WARs), servlets, Apache routes and Apache CXF endpoints deployed on Red Hat  Fuse, in both Apache Karaf and Red Hat JBoss Enterprise Application Platform (JBoss EAP).

 

NODE.JS CLIENT ADAPTER

RH-SSO 7.1 includes a new Node.js client adapter, which enables use of RH-SSO 7.1 Server for authentication and web single sign-on for Node.js applications.

 

EXTERNALIZED AUTHORIZATION SERVICE

RH-SSO 7.1 introduces a new authorization service feature-set, based on the User Managed Access specification. This enables RH-SSO 7.1 Server to act as a policy administration point, policy decision point, or policy information point, separating the authorization logic from the application.

 

USER STORAGE SPI

RH-SSO 7.1 features a new user storage SPI that you can use to implement your own custom user storage federation provider, such as a relational or NoSQL database, to enable federation of users from any user store.

 

SSSD INTEGRATION

RH-SSO 7.1 adds an integration with System Security Services Daemon (SSSD) in Red Hat Enterprise Linux (RHEL) 7.3. This enables use of SSSD as a user federation provider in front of a Microsoft Active Directory forest.

 

CLIENT REGISTRATION CLI

RH SSO 7.1 introduces a command-line interface (CLI) for developers to register client applications on RH-SSO Server.

 

RPM DISTRIBUTION

RH-SSO 7.1 introduces a new RPM distribution for Red Hat Enterprise Linux 6 and 7. The RH-SSO Server is provided in its own channel; the client adapters for JBoss EAP 6 and 7 are provided in their respective JBoss EAP x86_64 channels. The Red Hat Fuse and Node.js client adapters are not available as RPMs.