
The old TDS SSO feature, based on CAS technology, has been replaced by a new one with support for OpenID Connect and SAML.

Thanks to the implementation of the new TDS SSO, TDS SaaS Services can now be integrated with a customer's Active Directory and with authentication of users using OAuth 2.0 protocols.

User authorization is controlled from the TDS Portal through proper role assignment at the TDS Portal level (Customer Area and Projects) and in TDS SaaS Services.

Users authenticated in TDS are also automatically authenticated in all TDS core SaaS Services (Jira, Confluence etc.) until the user's token expires.

Key SSO Keycloak features:

  1. One time password policy
    1. User logs in to TDS SSO and is allowed to access all of their available TDS services
    2. User logs out from TDS SSO and is logged out from all of their TDS services which support SSO logout
    3. SPNEGO - disabled
  2. Centralized password policy
    1. User accounts are managed using a single centralized service
  3. Identity brokering
    1. Identity providers based, for example, on:
      1. OpenID Connect v1.0
      2. SAML v2.0
      3. OAuth v2.0
  4. Authorization policy
    1. Realm role level
    2. Client roles
    3. Role-based access control

SSO Session

| Name | Value |
|---|---|
| SSO Session Idle | 10 hours |
| SSO Session Max | 20 hours |
| Access Token Lifespan | 1 minute |
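How the three values in the table interact, as an added example (not part of the original page and not TDS or Keycloak code): it computes when a session ends under the idle and max limits, and how long an already-issued access token can outlive a logout at a service that validates tokens locally. The function names, the sample timestamps and the simplified model (each token refresh resets the idle timer, the max lifespan is a hard cap from login, no grace window) are assumptions.

```python
from datetime import datetime, timedelta

# Values from the SSO Session table on this page.
SSO_SESSION_IDLE = timedelta(hours=10)
SSO_SESSION_MAX = timedelta(hours=20)
ACCESS_TOKEN_LIFESPAN = timedelta(minutes=1)


def session_end(login, refreshes):
    """Return (end_time, reason) for an SSO session started at `login`.

    `refreshes` are the times the client attempted a token refresh.
    Assumed model: a successful refresh resets the idle timer; the max
    lifespan is a hard cap counted from login.
    """
    hard_cap = login + SSO_SESSION_MAX
    last_activity = login
    for t in sorted(refreshes):
        if t >= hard_cap:
            break  # refresh arrives after the session is already over
        if t >= last_activity + SSO_SESSION_IDLE:
            return last_activity + SSO_SESSION_IDLE, "idle"
        last_activity = t
    idle_deadline = last_activity + SSO_SESSION_IDLE
    if idle_deadline < hard_cap:
        return idle_deadline, "idle"
    return hard_cap, "max"


def stale_access_window(logout_at, last_token_issued_at):
    """Time an already-issued access token still passes local validation
    after logout; never more than ACCESS_TOKEN_LIFESPAN."""
    expiry = last_token_issued_at + ACCESS_TOKEN_LIFESPAN
    return max(expiry - logout_at, timedelta(0))


if __name__ == "__main__":
    # Constructed sample timeline, not taken from any real log.
    login = datetime(2024, 1, 1, 8, 0)
    active = [datetime(2024, 1, 1, 12, 0), datetime(2024, 1, 1, 20, 0),
              datetime(2024, 1, 2, 3, 0)]
    print(session_end(login, active))                          # ends at max
    print(session_end(login, [datetime(2024, 1, 1, 19, 0)]))   # ends idle
    print(stale_access_window(datetime(2024, 1, 1, 9, 0, 0),
                              datetime(2024, 1, 1, 8, 59, 40)))
```

The one-minute access token is what bounds the last figure: a service that checks tokens without calling back to the SSO server stops accepting a logged-out user's token within at most a minute.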