The old TDS SSO, based on CAS technology, has been replaced by a new one that supports OpenID Connect and SAML.
Thanks to the implementation of the new TDS SSO, the TDS SaaS Service can now be integrated with the customer's Active Directory and with authentication of users using OAuth 2.0 protocols.
Key SSO Keycloak features:
- One time password policy
- A user logs in to TDS SSO and is allowed to access all of their available TDS services
- A user logs out of TDS SSO and is logged out of all of their TDS services that support SSO logout
- SPNEGO - disabled
- Centralized password policy
- User accounts are managed using a single centralized service
- Identity brokering
  - Identity providers based for example on:
    - OpenID Connect v1.0
    - SAML v2.0
    - OAuth v2.0
- Authorization policy
  - Realm role level
  - Client roles
  - Role-based access control
SSO Session
Name | Value |
---|---|
SSO Session Idle | 10 hours |
SSO Session Max | 20 hours |
Access Token Lifespan | 1 minute |