EFPF Security Portal
The EFPF Security Portal (EFS) facilitates federated security, SSO and security governance mechanisms in the EFPF ecosystem. The following diagram gives an overview of the design goals of EFS.
Figure 1 : EFS Design Goals
EFS comprises the following components:
- Keycloak : Identity Provider for EFPF, which facilitates federated identity management and Single Sign-On with the connected platforms
- Policy Enforcement Service : Enables the enforcement of policies for the services exposed via the Data Spine and for the user roles defined for the EFPF platform.
You can access the EFPF Security Portal Keycloak here : https://efpf-security-portal.salzburgresearch.at/auth/
The following diagram depicts how SSO is set up in EFPF.
Figure 2 : EFPF SSO Setup
You can find the How To Guides on setting up SSO in EFPF in the next sections.
EFS enables 2 types of permissions:
- Resource-based : The permission can be directly applied to a resource created in the identity server
- Scope-based : The permission can be assigned to scopes or to both scopes and a resource.
The above access policies are enforced in Keycloak via the API Security Gateway in the Data Spine.
The following diagram shows how EFS interacts with the API Security Gateway to enforce policies in the authorization workflow.
Figure 3 : Authorization workflow with EFS and API Security Gateway
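The two permission types above map onto the `permission` parameter of a Keycloak Authorization Services decision request. The sketch below is an added example, not code from the EFPF project: it shows how a gateway could build such a request and interpret the answer so that it fails closed. The realm, client and resource names are placeholders, and that the API Security Gateway uses this exact call is an assumption.

```python
import json
from urllib.parse import urlencode

# Base URL is from the page; realm and client names passed in are placeholders.
KEYCLOAK_BASE = "https://efpf-security-portal.salzburgresearch.at/auth"
UMA_GRANT = "urn:ietf:params:oauth:grant-type:uma-ticket"


def permission_param(resource=None, scopes=()):
    """Keycloak permission string: 'res', 'res#s1,s2' or '#s1' (scope only)."""
    if not resource and not scopes:
        raise ValueError("need a resource, a scope, or both")
    value = resource or ""
    if scopes:
        value += "#" + ",".join(scopes)
    return value


def decision_request(realm, audience, resource=None, scopes=()):
    """Return (url, form_body) for a decision-only authorization request.

    The caller POSTs the body with the user's access token in the
    Authorization: Bearer header; nothing is sent from this function.
    """
    url = f"{KEYCLOAK_BASE}/realms/{realm}/protocol/openid-connect/token"
    body = urlencode({
        "grant_type": UMA_GRANT,
        "audience": audience,  # client that owns the protected resources
        "permission": permission_param(resource, scopes),
        "response_mode": "decision",  # ask for a yes/no answer, not a token
    })
    return url, body


def is_permitted(status, raw_body):
    """Fail closed: allow only on HTTP 200 with {"result": true}."""
    if status != 200:
        return False
    try:
        return json.loads(raw_body).get("result") is True
    except (ValueError, TypeError, AttributeError):
        return False
```

Treating every response other than an explicit `{"result": true}` as a denial keeps a Keycloak outage or a malformed reply from turning into an implicit allow at the gateway.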