Christie_Marcus_Keycloak_Gateways_2017.pdf (328.22 kB)
Download file

Using Keycloak for Gateway Authentication and Authorization

Download (328.22 kB)
journal contribution
posted on 09.10.2017, 21:11 authored by Marcus ChristieMarcus Christie, Anuj Bhandar, Supun NakandalaSupun Nakandala, Suresh MarruSuresh Marru, Eroma Abeysinghe, Sudhakar Pamidighantam, Marlon PierceMarlon Pierce

Establishing users’ identities before they access research infrastructure resources is a key feature of science gateways. With many science gateways now relying on general purpose gateway platform services, the challenges of managing identity-derived features have expanded to include authorization between science gateway tenants, middleware, and third party identity provider services. The latter include campus identity management systems. This paper examines the use of Keycloak as an implementation of an identity management system for Apache Airavata middleware, replacing our previous WSO2 Identity Server-based implementation. This effort raises larger issues that software-as-a-service communities should consider when embedding dependencies on third party software and services, including developing selection criteria and future-proofing systems.