EFPF Security Portal

Overview

  • EFPF Security Portal (EFS) facilitates the federated security, SSO and security governance mechanisms in the EFPF ecosystem. The following diagram gives an overview of the design goals of EFS.

img Figure 1 : EFS Design Goals

Components

EFS comprises the following components:

  • Keycloak : Identity Provider for EFPF, which facilitates federated identity management and Single Sign-On with the connected platforms.
  • Policy Enforcement Service : Enables the enforcement of policies for the services exposed via the Data Spine and for the user roles defined for the EFPF platform.

You can access the EFPF Security Portal Keycloak here: https://efpf-security-portal.salzburgresearch.at/auth/

The following diagram depicts how SSO is set up in EFPF.

img Figure 2 : EFPF SSO Setup

You can find the How-To Guides on setting up SSO in EFPF in the next sections.

EFS enables 2 types of permissions:

  • Resource-based : The permission can be directly applied to a resource created in the identity server.
  • Scope-based : The permission can be assigned to scopes or to both scopes and a resource.

The above access policies are enforced in Keycloak via the API Security Gateway in the Data Spine.
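
How a policy enforcement point could ask Keycloak for a decision on each of the two permission types, as an added example that is not EFPF's own code. It uses Keycloak's Authorization Services token endpoint with the UMA grant; the realm, client id, resource and scope names are placeholders, and whether the API Security Gateway sends exactly this request is an assumption.

```python
import json
from urllib.parse import urlencode

UMA_GRANT = "urn:ietf:params:oauth:grant-type:uma-ticket"  # Keycloak authorization grant
BASE_URL = "https://efpf-security-portal.salzburgresearch.at/auth"  # from this page
REALM = "example-realm"       # assumption: placeholder realm name
AUDIENCE = "example-service"  # assumption: placeholder client id of the protected service


def token_endpoint(base_url=BASE_URL, realm=REALM):
    return f"{base_url.rstrip('/')}/realms/{realm}/protocol/openid-connect/token"


def permission_param(resource=None, scope=None):
    """'res' = resource-based, 'res#scope' = resource plus scope, '#scope' = scope only."""
    if not resource and not scope:
        raise ValueError("need a resource, a scope, or both")
    return (resource or "") + (f"#{scope}" if scope else "")


def decision_request(access_token, checks, audience=AUDIENCE):
    """Build headers and form body asking Keycloak for a yes/no decision."""
    fields = [("grant_type", UMA_GRANT), ("audience", audience),
              ("response_mode", "decision")]
    # One 'permission' parameter per (resource, scope) pair being checked.
    fields += [("permission", permission_param(r, s)) for r, s in checks]
    headers = {"Authorization": f"Bearer {access_token}",
               "Content-Type": "application/x-www-form-urlencoded"}
    return headers, urlencode(fields)


def is_allowed(status, body):
    """Fail closed: allow only on HTTP 200 with {"result": true}."""
    if status != 200:
        return False
    try:
        return json.loads(body).get("result") is True
    except (ValueError, AttributeError):
        return False  # malformed or unexpected body is treated as a denial


if __name__ == "__main__":
    # "orders-api" and "read" are constructed names, not EFPF resources.
    _, resource_based = decision_request("<user-token>", [("orders-api", None)])
    _, scope_based = decision_request("<user-token>", [("orders-api", "read")])
    print(token_endpoint(), resource_based, scope_based, sep="\n")
    print(is_allowed(200, '{"result": true}'))            # constructed response
    print(is_allowed(403, '{"error": "access_denied"}'))  # constructed response
```

The caller's access token goes in the Authorization header, and any answer other than an explicit positive decision is handled as a denial.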

The following diagram shows how EFS interacts with the API Security Gateway to enforce policies in the authorization workflow.

img Figure 3 : Authorization workflow with EFS and API Security Gateway