Using Keycloak for Gateway Authentication and Authorization
Establishing users’ identities before they access research infrastructure resources is a key feature of science gateways. With many science gateways now relying on general purpose gateway platform services, the challenges of managing identity-derived features have expanded to include authorization between science gateway tenants, middleware, and third party identity provider services. The latter include campus identity management systems. This paper examines the use of Keycloak as an implementation of an identity management system for Apache Airavata middleware, replacing our previous WSO2 Identity Server-based implementation. This effort raises larger issues that software-as-a-service communities should consider when embedding dependencies on third party software and services, including developing selection criteria and future-proofing systems.