Speaker
Description
The Single Sign-On (SSO) service at CERN has undergone a significant evolution over recent years, transitioning from a Puppet-hosted solution to a Kubernetes-based infrastructure. Since September 2023, the current team has focused on cementing SSO as a stable and reliable cornerstone of CERN's IT services. Effort was concentrated on implementing best practices in service management, a mid-term investment that is already proving worthwhile.
This presentation highlights the strides made in consolidating and modernizing the SSO service. Key achievements include the successful migration from Keycloak 20 to Keycloak 24 and significant improvements in monitoring using Grafana, disaster recovery preparation, and proactive alerting through Telegram and Mattermost.
We also showcase the advantages of Keycloak as a central identity management solution for CERN. Keycloak's extensibility lies in its ability to support custom development through Java-based Service Provider Interfaces (SPIs) to meet specific organizational needs. By implementing these SPIs, the team was able to bridge the gap between modern identity protocols and CERN's diverse legacy systems.
Furthermore, the team has implemented proactive configuration control measures, such as exporting Keycloak realm configurations to GitLab, enabling transparency and traceability for changes made to the SSO configuration.
Speaker release: Yes