Five Links: Dusting the Bookshelf Edition

Happy Friday, everyone!

There really isn’t a trend to the types of articles I’ve been hitting this week; there’s been a cornucopia of different topics, from security to leadership.

happy-friday-pics

Image credit: Quotes n Thoughts

Continue reading “Five Links: Dusting the Bookshelf Edition”

Five Links: Make Me Feel Safe Edition

Happy Friday, everyone.

The last few weeks have seen a series of DDOS attacks taking out major services through vulnerabilities in IoT security, outages from human error, and data breaches from major players like Yahoo and less reputable ones as well. There are a lot of different attack vectors and different types of information that is vulnerable — and this highlights the thin line between security and risk. Security is not exactly a buzzword and it doesn’t get a lot of attention until (like insurance, a warm coat, or a full tank of gas) you really need it. That’s this week’s theme — data security and privacy.

funny-memes-safe-risky

Continue reading “Five Links: Make Me Feel Safe Edition”

Announcing Integrated Web Single Sign-On and Identity Federation

Red Hat recently released a new web single sign-on (SSO) server, based on the upstream Keycloak project. Now you have an out-of-the-box SAML 2.0 or OpenID Connect-based identity provider, fully supported, which mediates with your enterprise user directory or third-party identity provider for identity information and your applications via standards-based tokens. Keycloak is the next-generation replacement for PicketLink in the JBoss middleware technologies. Eventually, Keycloak will also provide single sign-on for Red Hat Cloud Suite and management products like Red Hat Satellite.

Feature Overview

At its core, Keycloak is a SAML 2.0 or OpenID Connect-based identity provider.

There is more information on the Customer Portal to go in-depth into features and configuration.

Client Support

Keycloak has a central identity server, and clients connect to it through their identity management configuration, assuming they have the appropriate adapter or module.

Keycloak supports a number of different clients:

  • Red Hat JBoss Enterprise Application Platform 6.4 and 7.0
  • Red Hat Fuse 6.2 (as tech preview)
  • Red Hat Enterprise Linux 7.2, through the mod_auth_mellon module for SAML 2.0

Identity Federation

Keycloak can be used for user federation with LDAP-based directory services, including:

  • Microsoft Active Directory
  • RHEL Identity Management

Additionally, Keybloak supports SPNEGO-based Kerberos with both Microsoft Active Directory and RHEL Identity Management.

Identity Brokering

Keycloak integrates with social login providers for user authentication, including:

  • Facebook
  • Google
  • Twitter

Administrative Interfaces

The Keycloak server, identity realms, and clients can be administered through a web-based GUI or through REST APIs. This allows you to completely design the sign sign-on environment, including users and role mapping, client registration, user federation, and identity brokering operations.

Subscriptions and support lifecycle

Single sign-on is currently  available via the JBoss Core Services Collection, on a 3-year support lifecycle. We anticipate offering Keycloak-based SSO as a service on Red Hat OpenShift Container Platform and Red Hat Mobile Application Platform, and as a federated identity provider for Red Hat OpenStack Platform.

The long-term vision is that Keycloak can be used to centralize user and client identities and to federate identity providers. This will stretch across existing infrastructure such as internal user directories or external cloud-based identity providers, such as social networks, and will provide SSO and identity federation across Red Hat products.