CERN Authorization Service
The goal of the new CERN Authorization Service is to provide a centralized authentication and authorization infrastructure.
Roadmap
Updated on 31/08/23
Current What we work on now (H2 2023) |
Near-term What we plan working on next (H1 2024) |
Future What we investigate |
||||||||||||||
|
|
|
Overview of our services
The main components of the service are:
- A Single Sign-On service, based on Keycloak, providing federated and social authentication and supporting SAML and OIDC protocols. This service is replacing the previous Single Sign-On service based on Microsoft ADFS.
- A Users Portal, where users can manage their own accounts.
- A Groups Portal, where users can define static and dynamic groups, including external (non-CERN) members.
- An Applications Portal, where application owners can register their applications for Single Sign-On and configure the applications authorization schemes.
- An API that can be used to automate the users, groups and applications management (for extensive documentation of these entities check here).
Contact
See the dedicated contact page with ways to reach us and to stay in touch.