The Keycloak authentication system will be bundled with the next major release of the File Fabric.
Keycloak is an open source single sign-on Identity Management and Access Management solution for applications and services.
We have integrated Keycloak in a way that makes it secure and convenient to use, just like any of the File Fabric’s existing authentication mechanisms, but it is especially well suited for use with the File Fabric’s Business Groups feature.
The File Fabric Business Groups feature provides virtual workspaces in which members of a company can securely share documents with invited guests. Documents don’t physically reside in the space; the space is a viewing portal for documents that can be stored on a variety of the underlying data stores that the File Fabric supports. This is similar to the virtual data room concept that you may well be familiar with.
Business Groups do not form part of a company’s domain access model, as they are virtual and their access and permission model is separate. This makes them more secure and makes it less likely that users will accidentally give external or guest users access to folders or documents that they should not have access to.
Until the Keycloak integration, File Fabric administrators had to choose between exposing the File Fabric’s self-service registration feature for invited external users or creating accounts for them in the enterprise’s internal IAM authentication system such as Active Directory or LDAP, something that may be against security policies in many companies.
The Keycloak integration also exposes authentication support for other authentication services that are currently not supported in the File Fabric, such as OpenID.
With this integration, when business group users are invited to participate in a WorkSpace they can be directed to Keycloak for authentication registration, where they can either create a new account through self-registration or use an existing authentication mechanism such as OpenID (or any of several other supported services) to establish or confirm their identities.
Once authentication registration is complete, the File Fabric’s Business Groups workflow will then ensure that they become authorised File Fabric users.
To make Keycloak easy for system administrators to support, we will be providing it as a Docker image that will run on the same VM as the File Fabric.
Distributing the software in this way enables us to preconfigure Keycloak and its operating environment so system administrators don’t have to concern themselves with managing a Keycloak server.
Note that we have also enhanced the File Fabric configuration to enable Keycloak to extend how authentication is handled for multi-node and HA File Fabric deployments.
Want to know more? Contact us.
By Dan Stone, January 30, 2020