Overview

The main components of the services are:

  • A Single Sign-On service, based on Keycloak, providing federated and social authentication and supporting SAML and OIDC protocols.
  • A Users Portal, where users can manage their own accounts.
  • A Group Management System (GMS), where users can define and manage access control groups and mailing lists.
  • An Applications Portal, where application owners can register their applications for Single Sign-On and configure the applications' authorization schemes.
  • A Resources Portal, where users can visualize and manage their subscriptions to IT services and list their resources.
  • The Authorization Service API, which can be used to automate the management of users, groups, resources and applications.

Several additional services are operated by the same team:

  • WLCG IAM instances, which act as OAuth Token Issuers for CERN Experiment participants to access grid computing.
  • Certificate Authorities, which provide digital certificates for CERN users, hosts and services.