Chapter 1. Overview
The single sign-on (SSO) server, based on the Keycloak project, enables you to secure your web applications by providing Web SSO capabilities based on popular standards such as SAML 2.0, OpenID Connect and OAuth 2.0. The server can act as a SAML or OpenID Connect-based Identity Provider, mediating between your enterprise user directory or third-party Identity Provider, which supplies identity information, and your applications, which receive it via standards-based tokens.
Chapter 2. Feature Overview
2.1. Single Sign-On (SSO) Server
Red Hat Single Sign-On (RH-SSO) 7.0 includes a standalone SSO server, which serves as a Security Assertion Markup Language (SAML) 2.0 or OpenID Connect-based Identity Provider.
2.2. Client adapters for JBoss EAP
RH-SSO 7.0 includes client adapters for Red Hat JBoss Enterprise Application Platform (EAP) 6.4 and 7.0. The designated adapters enable JBoss EAP to act as a SAML Service Provider or OpenID Connect-based Resource Server, interfacing with the standalone RH-SSO Server.
2.3. Mod_auth_mellon certification
RH-SSO 7.0 Server is supported as a SAML 2.0 Identity Provider integrated with the mod_auth_mellon module in Red Hat Enterprise Linux (RHEL) 7.2 acting as a SAML 2.0 Service Provider.
2.4. Client adapter for JBoss Fuse
The Maven repository for RH-SSO 7.0 includes a client adapter for Red Hat JBoss Fuse 6.2 as a Technology Preview feature.
2.5. User Federation
RH-SSO 7.0 is tested with a variety of LDAP servers, Microsoft Active Directory, and RHEL Identity Management (IdM) as one or more federated sources of enterprise user information. For more details on supported integrations, please refer to https://access.redhat.com/articles/2342861
2.6. SPNEGO-based Kerberos
RH-SSO 7.0 Server supports SPNEGO integration with Microsoft Active Directory and RHEL Identity Management (IdM), which have been configured to use Kerberos.
2.7. Identity brokering
RH-SSO 7.0 integrates with third-party SSO providers and social login providers, such as Facebook, Google, and Twitter, for user authentication.
2.8. Administration user interface (UI) and REST APIs
RH-SSO supports an Administration UI as well as REST APIs for a variety of user management, role mapping, client registration, user federation, and identity brokering operations.
Chapter 3. Supported Configurations
3.1. Supported Configurations
For supported hardware and software configurations and integrations, see the Red Hat Single Sign-On Supported Configurations reference on the Customer Portal at https://access.redhat.com/articles/2342861
Chapter 4. Component Versions
4.1. Component Versions
The full list of component versions used in Red Hat Single Sign-On 7.0 is available at the Customer Portal at https://access.redhat.com/articles/2342881
Chapter 5. Known Issues
5.1. Known Issues
- "Add user federation provider" form doesn’t validate "Custom User LDAP Filter" field
- The "tree lines" menu doesn’t work
- Unstable Admin Console when opening multiple browser tabs
- Confirm before changing OTP Policy
- Unable to add an Authenticator app without scanning QR
- Broken Authenticator Setup with smaller resolutions
- Composite roles do not work with SAML
- RESET_PASSWORD_ERROR and UPDATE_PASSWORD_ERROR events not fired
- Upload-certificate admin endpoint does not nullify private keys
- Roles assigned to groups are not recognized when users access admin console
- Kerberos authenticator changed from REQUIRED to ALTERNATIVE during userFederationProvider update
- Dropdown menu in navigation bar doesn’t work with small screens
- Internal Server Error thrown when Update User API is invoked w/o 'username' parameter
- IBM DB2 fails if JPA criteria query sets just firstResult but not maxResults
- Download adapter config from admin console for "signed JWT" clients
- NPE when accessing Account with invalid clientId set as ?referrer, and additional referrer_uri set
- SAML ECP Profile Flow is empty
- OutdatedTopologyException when creating realm during cluster node failback/startup