If you're looking for a single sign-on (SSO) solution that enables you to secure new or legacy applications and easily use federated identity providers (IdPs) such as social networks, you should definitely take a look at Keycloak. Keycloak is the upstream open source community project for Red Hat Single Sign-On (RH-SSO). RH-SSO is a core service that is part of a number of products such as Red Hat JBoss Enterprise Application Platform. If you've logged in to developers.redhat.com or openshift.com, you are using Keycloak.
On the Red Hat Developer blog there have been a number of recent articles that cover various aspects of Keycloak/RH-SSO integration. A recent DevNation Live Tech Talk covered Securing Spring Boot Microservices with Keycloak. This article discusses the features of Keycloak/RH-SSO that you should be aware of.
- You can determine how many active sessions your system currently has.
- You could force the logout of a single user.
- Or you could force all users of the system to be logged out.
- One time password (OTP) policies
- Centralized password policy
- Authorization policies per resource or per scope
- Timed access policy (users or groups of users can log in only between certain time slots)
- Rule-Based policy