Chapter 1. Single sign-on in JBoss EAP
Single sign-on (SSO) is a process of authenticating identities for multiple clients from a central identity provider. For example, a user needs only one set of login credentials to log in to different applications that use the same SSO provider.
JBoss EAP supports the following SSO protocols:
- OpenID Connect (OIDC)
  OpenID Connect is an authentication protocol based on the OAuth 2.0 framework of specifications defined in RFC 6749 and RFC 6750.
- Security Assertion Markup Language v2 (SAML v2)
  SAML is a data format and protocol that enables the exchange of authentication and authorization information between two parties, typically an identity provider and a service provider. This information is exchanged in the form of SAML tokens that contain assertions. Identity providers issue these tokens to subjects, which use them to authenticate with service providers. Subjects can reuse SAML tokens issued by an identity provider with multiple service providers, which supports browser-based single sign-on in SAML v2.
You can use SSO to secure applications deployed on JBoss EAP running on bare metal as well as JBoss EAP running on Red Hat OpenShift Container Platform. For information about securing applications deployed on JBoss EAP running on Red Hat OpenShift Container Platform with SSO, see Using JBoss EAP on OpenShift Container Platform.