Skip to content

Single Sign-On

Single Sign-On (SSO)

The ALTERNATIVE platform implements a robust Single Sign-On (SSO) solution, which is a key integration between the CKAN-based web application and the JupyterHub development environment. This feature enhances user experience and security across the platform.

Implementation with Keycloak

The SSO functionality is powered by Keycloak, an open-source Identity and Access Management solution. Keycloak serves as the central authentication and authorization server for the ALTERNATIVE platform.

Key aspects of the Keycloak-based SSO implementation include:

  1. Centralized Authentication: Users authenticate once through Keycloak and gain access to multiple applications within the ALTERNATIVE ecosystem.

  2. Seamless User Experience: From the web UI, users can launch Jupyter workspaces without the need for reauthentication, providing a smooth and efficient workflow.

  3. Enhanced Security: By centralizing authentication, Keycloak helps maintain consistent security policies across all integrated applications.

  4. Protocol Support: Keycloak implements industry-standard protocols such as OpenID Connect (OIDC) and OAuth 2.0, ensuring compatibility and security.

Benefits of SSO in ALTERNATIVE

The implementation of SSO brings several advantages to the ALTERNATIVE platform:

  • Improved User Productivity: Users spend less time managing multiple credentials and logging in to different systems.
  • Reduced Password Fatigue: With only one set of credentials to remember, users are less likely to resort to insecure password practices.
  • Streamlined Access Management: Administrators can manage user access to multiple applications from a single point, simplifying user provisioning and deprovisioning.
  • Enhanced Security Monitoring: Centralized authentication allows for better tracking and auditing of user access across the platform.

SSO Workflow

  1. User logs in to the ALTERNATIVE web application using their Keycloak credentials.
  2. Upon successful authentication, Keycloak issues a secure token.
  3. When the user accesses JupyterHub or other integrated services, the token is used to authenticate the user automatically.
  4. The user can seamlessly navigate between CKAN, JupyterHub, and other platform components without additional login prompts.