Authentication protocols supported by the platform

Basic Identity Manager

This Identity Manager is a custom development on Spring Cloud Secuirity and supports:

User Repositories:

Authentication protocols

 

Advanced Identity Manager

In scenarios where a more sophisticated IM is required we offer an integration with Keycloak.

In this guide there is a short introduction of how we approach such IM integration.: Soporte a Keycloak como Identity Manager AvanzadoUNDEFINED

User repositories

Unlike basic IM, several user repositories can be configured simultaneously:

  • ConfigDB.

  • LDAP.

  • Kerberos.

  • Any other type of repository, but it is associated with the development of a Keycloak plugin.

Identity Brokering

Through the concept of Identity Brokering, we can delegate the authentication through protocols such as SAMLv2, OpenID/OAuth2...to other IMs, but the authentication process is still performed through our IM, so OpenID/OAuth2 could still be used as the REST authentication interface.

NOTE: although this standard can still be used for authentication, only the Oauth2 authorization code flow will be available, the implicit authentication flow is unfeasible due to technical limitations (necessary redirections to external IM, etc.).

External IM

Finally, platform authentication can also be delegated to an external IM, so that for all purposes the platform would take on the role of Identity Service or Resource Server, and the platform would not issue any tokens, it would only validate them against the external IM/IdP.

To use this type of authentication, the only requirement is that the external IM can be authenticated via OpenID/Oauth2.

The following guide should then be followed How to integrate Platform Security with your own Identity Manager with OAuth2 or OpenID? and complete a small Java plugin for the correct IM-platform role mapping.

 

 

Â