Single Sign-On

We use KeyCloak for identity management. This provide us with a OpenID Connect (an extension to OAuth 2.0) compliant identity service that we can use to authenticate users. Much like what Google and Github provide to login to other apps. Keycloak will provide:

• The login user experience, including signing in page

• 2FA

• Password reset features, account management

• The ability to manage user permissions centrally, across applications

• Our applications will just consume the resulting ID token that is produced to authenticate users and to check the roles that they are assigned.

We currently support the Auth Code Flow :

1. User access the JeMPI UI and clicks on "Sign-In with Keycloak".

2. User is redirected to Keycloak where he needs to submit his credentials.

3. User gets redirected back to the JeMPI UI along with the auth code parameters.

Local development

Setup Local JeMPI

1. Clone the JeMPI git repository

1. Update local config to use Keycloak

1. Execute the local-deployment script

1. Select Option 1: Deploy JeMPI (For Fresh Start)

2. Access : http://localhost:3000/login

1. Sign in with Keycloak user credentials