3. Early Days
Authentication implemented within Appliance
Local Database (Default)
MiqLDAP
LDAP Directories (OpenLDAP, Red Hat Directory Server, etc.)
Active Directory
Amazon SDK
AWS IAM (Identity and Access Management)
4. Technology Shift
Local Authentication Implementations
Limited authentication types
Frequent fixes due to limitations
Longer enhancement implementation times
External Authentication
Industry-proven Apache Authentication stack
Wider availability of Authentication modules
Leveraging RHEL Security Services
12. Future Enhancements
Adding Support for:
Enhanced Client & Proxy
Enabling REST API authentication using SAML provider
Allowing authentication using SAML credentials in SSUI
Verification with additional SAML providers
Active Directory Federation Services
Script:
Login to KC
Show Realm
Show Client added
Show groups
Show users
Show in Client the links in MIQ
Show in Client the Assertions added
Login to Miq admin/smartvm
Change Authentication to Enable SAML
Logout
Show New login screen
Click on Login using corporate system
Login on Keycloak using abellotti
Show user in Miq with groups.
Change Authentication to enable SSO
Logout
Talk about being able to login via admin/, click on Login using corporate system for KC
Talk about how going to the page directly (hitting Reload) auto-redirects to KC
Login on Keycloak using abellotti
Remove enable SSO but disable local login
Logout
Show that there is no Miq login screen, just the KC login
Talk about use for environment where admins are centrally managed
Login as miqadmin
Talk about ability to re-enable local login, or if the IDP is down
Demo Appliance Console
Change setting
Back to Miq, reload page
Logout
Show the Miq login screen