The old TDS SSO, which was based on CAS technology, has been replaced by a new one that supports OpenID Connect and SAML.
Thanks to the new TDS SSO, the TDS SaaS Service can now be integrated with the customer's Active Directory, and users can be authenticated using OAuth 2.0 protocols.
Key SSO Keycloak features:
- One time password policy
- User logs in to TDS SSO and is allowed to access all of their available TDS services
- User logs out of TDS SSO and is logged out of all their TDS services which support SSO logout
- SPNEGO - disabled
- Centralized password policy
- User accounts are managed using a single centralized service
- Identity brokering
- Identity providers based for example on:
  - OpenID Connect v1.0
  - SAML v2.0
  - OAuth v2.0
- Authorization policy
- Realm role level
- Client roles
- Role-based access control
SSO Session
| Name | Value |
|---|---|
| SSO Session Idle | 10 hours |
| SSO Session Max | 20 hours |
| Access Token Lifespan | 1 minute |