Identity management on Enough services

Hello,

I did a quick search on the forum, code and issues and I didn’t find anything related to identity management on Enough services.

IAM is a key point, from my point of view, in an infrastructure that offers a wide range of services.

@loic, could you shed some light on how identity management works at the moment on Enough services?

Thanks a lot.

I’m mostly ignorant on those matters so I don’t have much to bring to the discussion. I’m sometimes irritated by the need to create accounts on multiple services. But then I forget because I rarely need to authenticate.

I’ve heard good things about Keycloak this year and even saw it in action and working at https://indie.host. I suppose @pierre would have more useful comments on their experience :slight_smile:

Yes, we use Keycloak and are happy with it :slight_smile:

Let me know if you want a demo, or have specific questions :slight_smile:

2 Likes

From my point of view, we could use SSO software (Keycloak or LemonLDAP::NG) that relies on an LDAP backend.

That way, Enough users have to know only one URL, like https://portal.enough.community. They log in using one account and a password, then they just need to click on the applications they want to access.

1 Like

Some things I would like to add to my latest post:

  • With SSO software and a portal, you get authorization and accounting features (in addition to the authentication feature).
  • To be able to log in only once, applications should support SSO. If they don’t, you can still display the application on the portal, but users will have to log in.
  • When doing SSO using an HTTP header (a common usage), the SSO software will proxy traffic sent by the user to the application (and vice versa).

@pierre, I’m interested in a demo. Also, have you considered using LL::NG before Keycloak?

1 Like