Single sign-on (SSO) is a property of Identity and Access Management (IAM) that enables users to securely authenticate with multiple applications and websites by logging in only once with just one set of credentials (username and password). With SSO, the application or website that the user is trying to access relies on a trusted third party to verify that users are who they say they are. It is often accomplished by using the Lightweight Directory Access Protocol (LDAP) and stored LDAP databases on (directory) servers.
Keycloak is an open source software product that provides single sign-on (SSO) with Identity and Access Management (IAM), aimed at modern applications and services. Keycloak supports both the SAML and OAuth 2.0 protocols. Keycloak is released under the Apache open source license.
Keycloak supports the OpenID Connect and SAML (Security Assertion Markup Language) protocols. OpenID Connect is an extension of the OAuth2 protocol, which is itself a framework for building authorization protocols.
====
Authentication => The process of verifying who a user is
Authorization => The process of verifying what they have access to
SAML (Security Assertion Markup Language) => An umbrella standard that covers federation, identity management and single sign-on (SSO)
OAuth (Open Authorization) => A standard for authorization of resources. OAuth 2.0 is a framework that controls authorization to a protected resource such as an application or a set of files
OpenID Connect => A standard for federated authentication. OpenID Connect is a simple identity layer on top of the OAuth 2.0 protocol, which allows computing clients to verify the identity of an end-user based on the authentication performed by an authorization server, as well as to obtain basic profile information about the end-user in an interoperable and REST-like manner
====
Open source single sign-on (SSO) products:
1. Keycloak - https://www.keycloak.org/, https://www.keycloak.org/getting-started/getting-started-kube
2. Shibboleth - https://www.shibboleth.net/, https://www.internet2.edu/products-services/trust-identity/shibboleth/
3. Univention Corporate Server - https://www.univention.com/
4. WSO2 Identity Server - https://wso2.com/identity-and-access-management/
ref:
wiki - https://en.wikipedia.org/wiki/Keycloak
OpenSource Single Sign-On(SSO) - https://medium.com/faun/opensource-single-sign-on-sso-e52d39e1927
Difference Between OAuth, OpenID Connect, and SAML - https://www.okta.com/identity-101/whats-the-difference-between-oauth-openid-connect-and-saml/
Choosing an SSO Strategy: SAML vs OAuth2 - https://www.mutuallyhuman.com/blog/choosing-an-sso-strategy-saml-vs-oauth2/
Adding authentication to your Kubernetes Web applications with Keycloak =>
1. https://www.openshift.com/blog/adding-authentication-to-your-kubernetes-web-applications-with-keycloak
2. https://medium.com/stakater/proxy-injector-enabling-sso-with-keycloak-on-kubernetes-a1012c3d9f8d
3. https://thenewstack.io/kubernetes-single-sign-one-less-identity/
4. https://www.keycloak.org/getting-started/getting-started-kube
5. https://blog.codecentric.de/en/2019/05/configuring-kubernetes-login-keycloak/