By using Single Sign-On (SSO), end-users authenticate once and can access SSO applications without having to re-authenticate.
The authentication process validates the end-user identity. Authorization enables end-users to consent to share their personal data with applications and web services.
SSO standards, such as SAML, OAuth2, and OIDC, govern the interactions between the end-user, the Identity and Access Management (IaM) system, and the SSO applications.
Red Hat Single Sign-On (RH-SSO) is a web application that runs on top of Red Hat JBoss Enterprise Application Platform (EAP). It relies on a relational database to store its data.
RH-SSO can manage user accounts in its database, federate users from LDAP or Active Directory, forward SAML and OIDC requests to another SSO system, or use social networks such as Google or GitHub.
RH-SSO supports username and password authentication, two-factor authentication, Web Authentication (WebAuthn), Kerberos, and X.509 client certificate authentication.
To configure and manage RH-SSO, administrators can use the Admin Console, the command-line interface, or the REST API.
For developing SSO applications, libraries are available for most programming languages. Red Hat provides adapters, which are libraries that simplify developments and integration with RH-SSO.