The old TDS SSO, which was based on CAS technology, has been replaced by a new one with support for OpenID Connect and SAML.
Thanks to the implementation of the new TDS SSO, the TDS SaaS Service can now be integrated with a customer's Active Directory and with authentication of users using OAuth 2.0 protocols.
Key SSO Keycloak features:
- One time password policy
- A user logs in to TDS SSO and is allowed to access all of their available TDS services
- A user logs out of TDS SSO and is logged out of all of their TDS services that support SSO logout
- SPNEGO - disabled
- Centralized password policy
- User accounts are managed using a single centralized service
- Identity brokering
  - Identity providers based, for example, on:
    - OpenID Connect v1.0
    - SAML v2.0
    - OAuth v2.0
- Authorization policy
- Realm role level
- Client roles
- Role-based access control
SSO Session
Name | Value |
---|---|
SSO Session Idle | 10 hours |
SSO Session Max | 20 hours |
Access Token Lifespan | 1 minute |
TDS Login Page
The TDS Login Page contains the following items:
- Username
  - the user's TDS account ID, required to log in to the TDS service
- Password
- Remember Me
  - allows the user to remain logged in between browser restarts until the session expires
- Create new account
  - link to the Create New Account page
- Contact support
- Reset password (only for TDS instances without AD integration)
Create New Account
Self-invitation is not possible in public TDS.
On request, the TDS portal can be configured to support self-invitation:
After a proper e-mail address is entered, an invitation is sent to the new user. After e-mail confirmation, the new user is added to the TDS portal only (not to a Company/Project).