SlideShare a Scribd company logo

Modular IAM Stack for Containers

Univention GmbH
Univention GmbH

Modularity and IAM Stack focuses on containerizing the Univention Management Stack for deployment in modern data centers and clouds. The goals are to deploy each module in multiple instances for scalability and high availability, use a service-oriented API-first architecture, and deploy on platforms like Kubernetes and Sovereign Cloud Stack. Key aspects include containerizing IAM services like OpenLDAP, UDM, and Keycloak for SSO and federation; using the UDM REST API as the primary access point; and rethinking service provisioning to use an event queue instead of LDAP listeners. Challenges include orchestrating services in Kubernetes and ensuring high availability and scalability of the containerized LDAP database.

Software
1 of 19
Download to read offline
Modularity and IAM Stack Container Strategy in UCS Arvid Requate Univention GmbH requate@univention.de
From UCS Appliance to Service Oriented IAM Architecture ● UCS Appliance: Debian based Operating System ● Appcenter: simple domain wide deployment and integration of services ● UCS core value lies in IAM and related APIs ● Operation in data centers demands containerization
Goals ● Deployment in modern data center environments and cloud services ● Focus on service, separation from platform ● Standardized deployment ● Scalability and High Availability of Univention Management Stack ● Each module shall be deployed in several instances ● API first ● User interfaces consume those APIs ● Decoupling of development areas ● Deployment on arbitrary (Linux) operating systems (with tradeoffs re: scalability)
Target platforms ● Kubernetes as CaaS Plattform ● Sovereign Cloudstack ● Partner datacenters, e.g. Phoenix ● Classic Linux Servers ● UCS appliance (Debian) ● Other Linux distributions
Sovereign Cloud Stack (SCS): open source reference plattform ● CSP datacenters provide IaaS (e.g. OpenStack) and CaaS (Kubernets) ● Sovereign Cloud Stack aims to be open source reference implementation ● „Openstack based Distribution for CSPs“ ● Univention Management Stack shall be deployable on Kubernetes / SCS. ● Current state: ● Containerized OpenLDAP as default IAM backend store for Keycloak ● Keycloak as main layer for federation between IdPs
Services oriented IAM architecture ● The building blocks: Containerized IAM Services ● UCS Portal ● Univention Management Console (UMC) ● UDM-REST API ● SSO with federation ● OpenLDAP ● Provisioning
API First ● Univention Directory Manager simplifies IAM ● Abstracts from LDAP specific implementation details ● UDM-REST-API as primary entry point ● Taking the UDM Python API to a HTTP based service architecture ● Univention Management Console (UMC) uses that REST-API ● Access to interfaces (APIs) can be load balanced ● Horizontal scalability
SSO: Integration of Keycloak in UCS ● OpenID Connect & SAML in one solution ● Federation options to external IdPs ● LDAP „user federation“, Keycloak only holding „shadow“ accounts ● Basic 2FA options ● Containerized operation with HTTP configuration API ● Keycloak 18 (Keycloak-X architecture) with UCS themed login screen ● First class IAM component, enhancing OpenLDAP
SSO: Keycloak User Federation + Ad-Hoc provisioning First Broker Login Flow Keycloak SSO Entrypoint MS ADFS First User Access
SSO: Keycloak App in Appcenter ● Keycloak container will be offered as optional app ● Alternative to simpleSAMLphp and Kopano Konnect ● Later: HA integration suitable as full replacement for UCS SSO ● We need that component for the data center ● And also directly build it into the UCS appliance ● Goal: Keycloak as standard IdP for UCS appliance and data center
Challenges ● Service orchestration, configuration and discovery in Kubernetes ● LDAP schema & ACL extensions ● Live update via cn=Config ● Persistence of reference configuration for re-provisioning ● Cattle vs Pet ● Robust & efficient scaling of LDAP – Testing, testing, testing... ● High availability for Primary: Multiprovider replication ● UDM-Rest as sole authorized writer, UID allocator
Thanks for you attention! Arvid Requate Univention GmbH requate@univention.de
Appendix (if time permits)
Rethinking service provisioning ● UDM-REST-API as primary entry point 1) Writes to Identity Store via LDAP 2) Feeds events into queueing system ● Containerized workers 1) Consume events from queue 2) provision Apps and external Services ● In contrast: Listener modules used to be fed by LDAP
Rethinking LDAP replication ● Let OpenLDAP handle replication of LDAP data natively ● syncrepl: LDAP Content Synchronization (RFC4533) ● Allows: High-Availability with Multiprovider replication ● Listener/Notifier can be phased out ● Translog ● Listener cache

Recommended

Confluent Operator as Cloud-Native Kafka Operator for Kubernetes
Confluent Operator as Cloud-Native Kafka Operator for KubernetesConfluent Operator as Cloud-Native Kafka Operator for Kubernetes
Confluent Operator as Cloud-Native Kafka Operator for KubernetesKai Wähner
 
vCloud Automation Center and Pivotal Cloud Foundry – Better PaaS Solution (VM...
vCloud Automation Center and Pivotal Cloud Foundry – Better PaaS Solution (VM...vCloud Automation Center and Pivotal Cloud Foundry – Better PaaS Solution (VM...
vCloud Automation Center and Pivotal Cloud Foundry – Better PaaS Solution (VM...VMware Tanzu
 
Docker Datacenter Overview and Production Setup Slides
Docker Datacenter Overview and Production Setup SlidesDocker Datacenter Overview and Production Setup Slides
Docker Datacenter Overview and Production Setup SlidesDocker, Inc.
 
Cloudify 4.6 highlights webinar
Cloudify 4.6 highlights webinarCloudify 4.6 highlights webinar
Cloudify 4.6 highlights webinarCloudify Community
 
A First Look at vSphere Integrated Containers and Photon Platform
A First Look at vSphere Integrated Containers and Photon PlatformA First Look at vSphere Integrated Containers and Photon Platform
A First Look at vSphere Integrated Containers and Photon PlatformDan Wendlandt
 
Kubernetes: Dive into the Future of Infrastructure
Kubernetes: Dive into the Future of InfrastructureKubernetes: Dive into the Future of Infrastructure
Kubernetes: Dive into the Future of InfrastructureGlobalLogic Ukraine
 
Webinar: Dealing with automation tool overload!
Webinar: Dealing with automation tool overload!Webinar: Dealing with automation tool overload!
Webinar: Dealing with automation tool overload!Cloudify Community
 
EGI TF 2013 / Cloud Interoperability Week – Hands-On Tutorial
EGI TF 2013 / Cloud Interoperability Week – Hands-On TutorialEGI TF 2013 / Cloud Interoperability Week – Hands-On Tutorial
EGI TF 2013 / Cloud Interoperability Week – Hands-On TutorialOpenNebula Project
 

Recommended

Confluent Operator as Cloud-Native Kafka Operator for Kubernetes
Confluent Operator as Cloud-Native Kafka Operator for KubernetesConfluent Operator as Cloud-Native Kafka Operator for Kubernetes
Confluent Operator as Cloud-Native Kafka Operator for KubernetesKai Wähner
 
vCloud Automation Center and Pivotal Cloud Foundry – Better PaaS Solution (VM...
vCloud Automation Center and Pivotal Cloud Foundry – Better PaaS Solution (VM...vCloud Automation Center and Pivotal Cloud Foundry – Better PaaS Solution (VM...
vCloud Automation Center and Pivotal Cloud Foundry – Better PaaS Solution (VM...VMware Tanzu
 
Docker Datacenter Overview and Production Setup Slides
Docker Datacenter Overview and Production Setup SlidesDocker Datacenter Overview and Production Setup Slides
Docker Datacenter Overview and Production Setup SlidesDocker, Inc.
 
Cloudify 4.6 highlights webinar
Cloudify 4.6 highlights webinarCloudify 4.6 highlights webinar
Cloudify 4.6 highlights webinarCloudify Community
 
A First Look at vSphere Integrated Containers and Photon Platform
A First Look at vSphere Integrated Containers and Photon PlatformA First Look at vSphere Integrated Containers and Photon Platform
A First Look at vSphere Integrated Containers and Photon PlatformDan Wendlandt
 
Kubernetes: Dive into the Future of Infrastructure
Kubernetes: Dive into the Future of InfrastructureKubernetes: Dive into the Future of Infrastructure
Kubernetes: Dive into the Future of InfrastructureGlobalLogic Ukraine
 
Webinar: Dealing with automation tool overload!
Webinar: Dealing with automation tool overload!Webinar: Dealing with automation tool overload!
Webinar: Dealing with automation tool overload!Cloudify Community
 
EGI TF 2013 / Cloud Interoperability Week – Hands-On Tutorial
EGI TF 2013 / Cloud Interoperability Week – Hands-On TutorialEGI TF 2013 / Cloud Interoperability Week – Hands-On Tutorial
EGI TF 2013 / Cloud Interoperability Week – Hands-On TutorialOpenNebula Project
 
Introduction to AWS & Cloud Services
Introduction to AWS & Cloud ServicesIntroduction to AWS & Cloud Services
Introduction to AWS & Cloud ServicesAnn Venkataraman
 
Day in the life event-driven workshop
Day in the life event-driven workshopDay in the life event-driven workshop
Day in the life event-driven workshopChristina Lin
 
AMIS Oracle OpenWorld 2015 Review – part 2- Hardware & IaaS and PaaS Cloud Fo...
AMIS Oracle OpenWorld 2015 Review – part 2- Hardware & IaaS and PaaS Cloud Fo...AMIS Oracle OpenWorld 2015 Review – part 2- Hardware & IaaS and PaaS Cloud Fo...
AMIS Oracle OpenWorld 2015 Review – part 2- Hardware & IaaS and PaaS Cloud Fo...Getting value from IoT, Integration and Data Analytics
 
Oow2016 review-iaas-paas-13th-18thoctober
Oow2016 review-iaas-paas-13th-18thoctoberOow2016 review-iaas-paas-13th-18thoctober
Oow2016 review-iaas-paas-13th-18thoctoberGetting value from IoT, Integration and Data Analytics
 
VMware - Application Portability
VMware - Application PortabilityVMware - Application Portability
VMware - Application PortabilityVMUG IT
 
Agile Integration Workshop
Agile Integration WorkshopAgile Integration Workshop
Agile Integration WorkshopJudy Breedlove
 
.NET Core Apps: Design & Development
.NET Core Apps: Design & Development.NET Core Apps: Design & Development
.NET Core Apps: Design & DevelopmentGlobalLogic Ukraine
 
Beyond the Brokers: A Tour of the Kafka Ecosystem
Beyond the Brokers: A Tour of the Kafka EcosystemBeyond the Brokers: A Tour of the Kafka Ecosystem
Beyond the Brokers: A Tour of the Kafka Ecosystemconfluent
 
Beyond the brokers - A tour of the Kafka ecosystem
Beyond the brokers - A tour of the Kafka ecosystemBeyond the brokers - A tour of the Kafka ecosystem
Beyond the brokers - A tour of the Kafka ecosystemDamien Gasparina
 
Spring Cloud Services with Pivotal Cloud Foundry- Gokhan Goksu
Spring Cloud Services with Pivotal Cloud Foundry- Gokhan GoksuSpring Cloud Services with Pivotal Cloud Foundry- Gokhan Goksu
Spring Cloud Services with Pivotal Cloud Foundry- Gokhan GoksuVMware Tanzu
 
Osgi based cloud system architecture - Open Cloud Engine
Osgi based cloud system architecture - Open Cloud EngineOsgi based cloud system architecture - Open Cloud Engine
Osgi based cloud system architecture - Open Cloud EngineuEngine Solutions
 
Oow2016 review--paas-microservices-
Oow2016 review--paas-microservices-Oow2016 review--paas-microservices-
Oow2016 review--paas-microservices-Getting value from IoT, Integration and Data Analytics
 
Containers Anywhere with OpenShift by Red Hat
Containers Anywhere with OpenShift by Red HatContainers Anywhere with OpenShift by Red Hat
Containers Anywhere with OpenShift by Red HatAmazon Web Services
 
Cloudexpowest opensourcecloudcomputing-1by arun kumar
Cloudexpowest opensourcecloudcomputing-1by arun kumarCloudexpowest opensourcecloudcomputing-1by arun kumar
Cloudexpowest opensourcecloudcomputing-1by arun kumarArun Kumar
 
Cloudexpowest opensourcecloudcomputing-1by arun kumar
Cloudexpowest opensourcecloudcomputing-1by arun kumarCloudexpowest opensourcecloudcomputing-1by arun kumar
Cloudexpowest opensourcecloudcomputing-1by arun kumarArun Kumar
 
IBM BP Session - Multiple CLoud Paks and Cloud Paks Foundational Services.pptx
IBM BP Session - Multiple CLoud Paks and Cloud Paks Foundational Services.pptxIBM BP Session - Multiple CLoud Paks and Cloud Paks Foundational Services.pptx
IBM BP Session - Multiple CLoud Paks and Cloud Paks Foundational Services.pptxGeorg Ember
 
CloudStack Overview
CloudStack OverviewCloudStack Overview
CloudStack Overviewsedukull
 
Introduction to Apache Mesos and DC/OS
Introduction to Apache Mesos and DC/OSIntroduction to Apache Mesos and DC/OS
Introduction to Apache Mesos and DC/OSSteve Wong
 
Containers as Infrastructure for New Gen Apps
Containers as Infrastructure for New Gen AppsContainers as Infrastructure for New Gen Apps
Containers as Infrastructure for New Gen AppsKhalid Ahmed
 
Apidays Paris 2023 - Kubernetes Gateways, Pubudu Gunatilaka, WSO2
Apidays Paris 2023 - Kubernetes Gateways, Pubudu Gunatilaka, WSO2Apidays Paris 2023 - Kubernetes Gateways, Pubudu Gunatilaka, WSO2
Apidays Paris 2023 - Kubernetes Gateways, Pubudu Gunatilaka, WSO2apidays
 
Status des Rollen- und Rechtemodells in UCS und UCS@school - Daniel Tröder - ...
Status des Rollen- und Rechtemodells in UCS und UCS@school - Daniel Tröder - ...Status des Rollen- und Rechtemodells in UCS und UCS@school - Daniel Tröder - ...
Status des Rollen- und Rechtemodells in UCS und UCS@school - Daniel Tröder - ...Univention GmbH
 
Technical Deep Dive - OpenID-Connect and OAuth 2.0 in UCS IAM - Florian Best ...
Technical Deep Dive - OpenID-Connect and OAuth 2.0 in UCS IAM - Florian Best ...Technical Deep Dive - OpenID-Connect and OAuth 2.0 in UCS IAM - Florian Best ...
Technical Deep Dive - OpenID-Connect and OAuth 2.0 in UCS IAM - Florian Best ...Univention GmbH
 

More Related Content

Similar to Modular IAM Stack for Containers

Introduction to AWS & Cloud Services
Introduction to AWS & Cloud ServicesIntroduction to AWS & Cloud Services
Introduction to AWS & Cloud ServicesAnn Venkataraman
 
Day in the life event-driven workshop
Day in the life event-driven workshopDay in the life event-driven workshop
Day in the life event-driven workshopChristina Lin
 
VMware - Application Portability
VMware - Application PortabilityVMware - Application Portability
VMware - Application PortabilityVMUG IT
 
Agile Integration Workshop
Agile Integration WorkshopAgile Integration Workshop
Agile Integration WorkshopJudy Breedlove
 
.NET Core Apps: Design & Development
.NET Core Apps: Design & Development.NET Core Apps: Design & Development
.NET Core Apps: Design & DevelopmentGlobalLogic Ukraine
 
Beyond the Brokers: A Tour of the Kafka Ecosystem
Beyond the Brokers: A Tour of the Kafka EcosystemBeyond the Brokers: A Tour of the Kafka Ecosystem
Beyond the Brokers: A Tour of the Kafka Ecosystemconfluent
 
Beyond the brokers - A tour of the Kafka ecosystem
Beyond the brokers - A tour of the Kafka ecosystemBeyond the brokers - A tour of the Kafka ecosystem
Beyond the brokers - A tour of the Kafka ecosystemDamien Gasparina
 
Spring Cloud Services with Pivotal Cloud Foundry- Gokhan Goksu
Spring Cloud Services with Pivotal Cloud Foundry- Gokhan GoksuSpring Cloud Services with Pivotal Cloud Foundry- Gokhan Goksu
Spring Cloud Services with Pivotal Cloud Foundry- Gokhan GoksuVMware Tanzu
 
Osgi based cloud system architecture - Open Cloud Engine
Osgi based cloud system architecture - Open Cloud EngineOsgi based cloud system architecture - Open Cloud Engine
Osgi based cloud system architecture - Open Cloud EngineuEngine Solutions
 
Containers Anywhere with OpenShift by Red Hat
Containers Anywhere with OpenShift by Red HatContainers Anywhere with OpenShift by Red Hat
Containers Anywhere with OpenShift by Red HatAmazon Web Services
 
Cloudexpowest opensourcecloudcomputing-1by arun kumar
Cloudexpowest opensourcecloudcomputing-1by arun kumarCloudexpowest opensourcecloudcomputing-1by arun kumar
Cloudexpowest opensourcecloudcomputing-1by arun kumarArun Kumar
 
Cloudexpowest opensourcecloudcomputing-1by arun kumar
Cloudexpowest opensourcecloudcomputing-1by arun kumarCloudexpowest opensourcecloudcomputing-1by arun kumar
Cloudexpowest opensourcecloudcomputing-1by arun kumarArun Kumar
 
IBM BP Session - Multiple CLoud Paks and Cloud Paks Foundational Services.pptx
IBM BP Session - Multiple CLoud Paks and Cloud Paks Foundational Services.pptxIBM BP Session - Multiple CLoud Paks and Cloud Paks Foundational Services.pptx
IBM BP Session - Multiple CLoud Paks and Cloud Paks Foundational Services.pptxGeorg Ember
 
CloudStack Overview
CloudStack OverviewCloudStack Overview
CloudStack Overviewsedukull
 
Introduction to Apache Mesos and DC/OS
Introduction to Apache Mesos and DC/OSIntroduction to Apache Mesos and DC/OS
Introduction to Apache Mesos and DC/OSSteve Wong
 
Containers as Infrastructure for New Gen Apps
Containers as Infrastructure for New Gen AppsContainers as Infrastructure for New Gen Apps
Containers as Infrastructure for New Gen AppsKhalid Ahmed
 
Apidays Paris 2023 - Kubernetes Gateways, Pubudu Gunatilaka, WSO2
Apidays Paris 2023 - Kubernetes Gateways, Pubudu Gunatilaka, WSO2Apidays Paris 2023 - Kubernetes Gateways, Pubudu Gunatilaka, WSO2
Apidays Paris 2023 - Kubernetes Gateways, Pubudu Gunatilaka, WSO2apidays
 

Similar to Modular IAM Stack for Containers (20)

Introduction to AWS & Cloud Services
Introduction to AWS & Cloud ServicesIntroduction to AWS & Cloud Services
Introduction to AWS & Cloud Services
 
Day in the life event-driven workshop
Day in the life event-driven workshopDay in the life event-driven workshop
Day in the life event-driven workshop
 
AMIS Oracle OpenWorld 2015 Review – part 2- Hardware & IaaS and PaaS Cloud Fo...
AMIS Oracle OpenWorld 2015 Review – part 2- Hardware & IaaS and PaaS Cloud Fo...AMIS Oracle OpenWorld 2015 Review – part 2- Hardware & IaaS and PaaS Cloud Fo...
AMIS Oracle OpenWorld 2015 Review – part 2- Hardware & IaaS and PaaS Cloud Fo...
 
Oow2016 review-iaas-paas-13th-18thoctober
Oow2016 review-iaas-paas-13th-18thoctoberOow2016 review-iaas-paas-13th-18thoctober
Oow2016 review-iaas-paas-13th-18thoctober
 
VMware - Application Portability
VMware - Application PortabilityVMware - Application Portability
VMware - Application Portability
 
Agile Integration Workshop
Agile Integration WorkshopAgile Integration Workshop
Agile Integration Workshop
 
.NET Core Apps: Design & Development
.NET Core Apps: Design & Development.NET Core Apps: Design & Development
.NET Core Apps: Design & Development
 
Beyond the Brokers: A Tour of the Kafka Ecosystem
Beyond the Brokers: A Tour of the Kafka EcosystemBeyond the Brokers: A Tour of the Kafka Ecosystem
Beyond the Brokers: A Tour of the Kafka Ecosystem
 
Beyond the brokers - A tour of the Kafka ecosystem
Beyond the brokers - A tour of the Kafka ecosystemBeyond the brokers - A tour of the Kafka ecosystem
Beyond the brokers - A tour of the Kafka ecosystem
 
Spring Cloud Services with Pivotal Cloud Foundry- Gokhan Goksu
Spring Cloud Services with Pivotal Cloud Foundry- Gokhan GoksuSpring Cloud Services with Pivotal Cloud Foundry- Gokhan Goksu
Spring Cloud Services with Pivotal Cloud Foundry- Gokhan Goksu
 
Osgi based cloud system architecture - Open Cloud Engine
Osgi based cloud system architecture - Open Cloud EngineOsgi based cloud system architecture - Open Cloud Engine
Osgi based cloud system architecture - Open Cloud Engine
 
Oow2016 review--paas-microservices-
Oow2016 review--paas-microservices-Oow2016 review--paas-microservices-
Oow2016 review--paas-microservices-
 
Containers Anywhere with OpenShift by Red Hat
Containers Anywhere with OpenShift by Red HatContainers Anywhere with OpenShift by Red Hat
Containers Anywhere with OpenShift by Red Hat
 
Cloudexpowest opensourcecloudcomputing-1by arun kumar
Cloudexpowest opensourcecloudcomputing-1by arun kumarCloudexpowest opensourcecloudcomputing-1by arun kumar
Cloudexpowest opensourcecloudcomputing-1by arun kumar
 
Cloudexpowest opensourcecloudcomputing-1by arun kumar
Cloudexpowest opensourcecloudcomputing-1by arun kumarCloudexpowest opensourcecloudcomputing-1by arun kumar
Cloudexpowest opensourcecloudcomputing-1by arun kumar
 
IBM BP Session - Multiple CLoud Paks and Cloud Paks Foundational Services.pptx
IBM BP Session - Multiple CLoud Paks and Cloud Paks Foundational Services.pptxIBM BP Session - Multiple CLoud Paks and Cloud Paks Foundational Services.pptx
IBM BP Session - Multiple CLoud Paks and Cloud Paks Foundational Services.pptx
 
CloudStack Overview
CloudStack OverviewCloudStack Overview
CloudStack Overview
 
Introduction to Apache Mesos and DC/OS
Introduction to Apache Mesos and DC/OSIntroduction to Apache Mesos and DC/OS
Introduction to Apache Mesos and DC/OS
 
Containers as Infrastructure for New Gen Apps
Containers as Infrastructure for New Gen AppsContainers as Infrastructure for New Gen Apps
Containers as Infrastructure for New Gen Apps
 
Apidays Paris 2023 - Kubernetes Gateways, Pubudu Gunatilaka, WSO2
Apidays Paris 2023 - Kubernetes Gateways, Pubudu Gunatilaka, WSO2Apidays Paris 2023 - Kubernetes Gateways, Pubudu Gunatilaka, WSO2
Apidays Paris 2023 - Kubernetes Gateways, Pubudu Gunatilaka, WSO2
 

More from Univention GmbH

Status des Rollen- und Rechtemodells in UCS und UCS@school - Daniel Tröder - ...
Status des Rollen- und Rechtemodells in UCS und UCS@school - Daniel Tröder - ...Status des Rollen- und Rechtemodells in UCS und UCS@school - Daniel Tröder - ...
Status des Rollen- und Rechtemodells in UCS und UCS@school - Daniel Tröder - ...Univention GmbH
 
Technical Deep Dive - OpenID-Connect and OAuth 2.0 in UCS IAM - Florian Best ...
Technical Deep Dive - OpenID-Connect and OAuth 2.0 in UCS IAM - Florian Best ...Technical Deep Dive - OpenID-Connect and OAuth 2.0 in UCS IAM - Florian Best ...
Technical Deep Dive - OpenID-Connect and OAuth 2.0 in UCS IAM - Florian Best ...Univention GmbH
 
Univention IAM and Portal for Kubernetes - Ingo Steuwer - Univention Summit 2024
Univention IAM and Portal for Kubernetes - Ingo Steuwer - Univention Summit 2024Univention IAM and Portal for Kubernetes - Ingo Steuwer - Univention Summit 2024
Univention IAM and Portal for Kubernetes - Ingo Steuwer - Univention Summit 2024Univention GmbH
 
Keycloak as the New Identity Provider for UCS - Felix Botner & Erik Damrose -...
Keycloak as the New Identity Provider for UCS - Felix Botner & Erik Damrose -...Keycloak as the New Identity Provider for UCS - Felix Botner & Erik Damrose -...
Keycloak as the New Identity Provider for UCS - Felix Botner & Erik Damrose -...Univention GmbH
 
Outlook on UCS 5.2 - Ingo Steuwer - Univention Summit 2024
Outlook on UCS 5.2 - Ingo Steuwer - Univention Summit 2024Outlook on UCS 5.2 - Ingo Steuwer - Univention Summit 2024
Outlook on UCS 5.2 - Ingo Steuwer - Univention Summit 2024Univention GmbH
 
Wohin entwickelt sich UCS? Ingo Steuwer - Univention Summit 2022
Wohin entwickelt sich UCS? Ingo Steuwer - Univention Summit 2022Wohin entwickelt sich UCS? Ingo Steuwer - Univention Summit 2022
Wohin entwickelt sich UCS? Ingo Steuwer - Univention Summit 2022Univention GmbH
 
Barrierefreiheit in UCS - Univention GmbH - Univention Summit 2022
Barrierefreiheit in UCS - Univention GmbH - Univention Summit 2022Barrierefreiheit in UCS - Univention GmbH - Univention Summit 2022
Barrierefreiheit in UCS - Univention GmbH - Univention Summit 2022Univention GmbH
 
Digitale Souveränität für die zivile Seenotrettung von Sea-Watch - Sea-Watch ...
Digitale Souveränität für die zivile Seenotrettung von Sea-Watch - Sea-Watch ...Digitale Souveränität für die zivile Seenotrettung von Sea-Watch - Sea-Watch ...
Digitale Souveränität für die zivile Seenotrettung von Sea-Watch - Sea-Watch ...Univention GmbH
 
Schulische Lernplattformen in Deutschland - Institut für Informationsmanageme...
Schulische Lernplattformen in Deutschland - Institut für Informationsmanageme...Schulische Lernplattformen in Deutschland - Institut für Informationsmanageme...
Schulische Lernplattformen in Deutschland - Institut für Informationsmanageme...Univention GmbH
 
Technologie in der Schule: Ein Projektüberblick & Beratungsansatz der Bechtle...
Technologie in der Schule: Ein Projektüberblick & Beratungsansatz der Bechtle...Technologie in der Schule: Ein Projektüberblick & Beratungsansatz der Bechtle...
Technologie in der Schule: Ein Projektüberblick & Beratungsansatz der Bechtle...Univention GmbH
 
UCS@school Roadmap 2022 - Univention GmbH - Univention Summit 2022
UCS@school Roadmap 2022 - Univention GmbH - Univention Summit 2022UCS@school Roadmap 2022 - Univention GmbH - Univention Summit 2022
UCS@school Roadmap 2022 - Univention GmbH - Univention Summit 2022Univention GmbH
 
BILDUNGSLOGIN: Mit zwei Klicks die ganze Bandbreite digitaler Bildungsmedien ...
BILDUNGSLOGIN: Mit zwei Klicks die ganze Bandbreite digitaler Bildungsmedien ...BILDUNGSLOGIN: Mit zwei Klicks die ganze Bandbreite digitaler Bildungsmedien ...
BILDUNGSLOGIN: Mit zwei Klicks die ganze Bandbreite digitaler Bildungsmedien ...Univention GmbH
 
Schule digital neu denken - Schulstiftung der Ev.-Luth. Landeskriche Sachsens...
Schule digital neu denken - Schulstiftung der Ev.-Luth. Landeskriche Sachsens...Schule digital neu denken - Schulstiftung der Ev.-Luth. Landeskriche Sachsens...
Schule digital neu denken - Schulstiftung der Ev.-Luth. Landeskriche Sachsens...Univention GmbH
 
UCS Roadmap 2022 - Univention GmbH - Univention Summit 2022
UCS Roadmap 2022 - Univention GmbH - Univention Summit 2022UCS Roadmap 2022 - Univention GmbH - Univention Summit 2022
UCS Roadmap 2022 - Univention GmbH - Univention Summit 2022Univention GmbH
 
Shift happens! Let's create a better IT now! - UNivention GmbH - Univention S...
Shift happens! Let's create a better IT now! - UNivention GmbH - Univention S...Shift happens! Let's create a better IT now! - UNivention GmbH - Univention S...
Shift happens! Let's create a better IT now! - UNivention GmbH - Univention S...Univention GmbH
 
Einführung eines zentralen IDM auf Basis der hessischen Landesdatenbank LUSD ...
Einführung eines zentralen IDM auf Basis der hessischen Landesdatenbank LUSD ...Einführung eines zentralen IDM auf Basis der hessischen Landesdatenbank LUSD ...
Einführung eines zentralen IDM auf Basis der hessischen Landesdatenbank LUSD ...Univention GmbH
 
Sie serverlose Schule - Stadt Norderstedt - Univention Summit 2022
Sie serverlose Schule - Stadt Norderstedt - Univention Summit 2022Sie serverlose Schule - Stadt Norderstedt - Univention Summit 2022
Sie serverlose Schule - Stadt Norderstedt - Univention Summit 2022Univention GmbH
 
Digital Souveräne Collaboration mit Nextcloud - Nextcloud-Univention-Summit-2...
Digital Souveräne Collaboration mit Nextcloud - Nextcloud-Univention-Summit-2...Digital Souveräne Collaboration mit Nextcloud - Nextcloud-Univention-Summit-2...
Digital Souveräne Collaboration mit Nextcloud - Nextcloud-Univention-Summit-2...Univention GmbH
 
Enough about Gaia-X theory – Let’s shift towards real use cases! - Plusserver...
Enough about Gaia-X theory – Let’s shift towards real use cases! - Plusserver...Enough about Gaia-X theory – Let’s shift towards real use cases! - Plusserver...
Enough about Gaia-X theory – Let’s shift towards real use cases! - Plusserver...Univention GmbH
 
Get your shift together now! - agorum Software - Univention Summit 2022
Get your shift together now! - agorum Software - Univention Summit 2022Get your shift together now! - agorum Software - Univention Summit 2022
Get your shift together now! - agorum Software - Univention Summit 2022Univention GmbH
 

More from Univention GmbH (20)

Status des Rollen- und Rechtemodells in UCS und UCS@school - Daniel Tröder - ...
Status des Rollen- und Rechtemodells in UCS und UCS@school - Daniel Tröder - ...Status des Rollen- und Rechtemodells in UCS und UCS@school - Daniel Tröder - ...
Status des Rollen- und Rechtemodells in UCS und UCS@school - Daniel Tröder - ...
 
Technical Deep Dive - OpenID-Connect and OAuth 2.0 in UCS IAM - Florian Best ...
Technical Deep Dive - OpenID-Connect and OAuth 2.0 in UCS IAM - Florian Best ...Technical Deep Dive - OpenID-Connect and OAuth 2.0 in UCS IAM - Florian Best ...
Technical Deep Dive - OpenID-Connect and OAuth 2.0 in UCS IAM - Florian Best ...
 
Univention IAM and Portal for Kubernetes - Ingo Steuwer - Univention Summit 2024
Univention IAM and Portal for Kubernetes - Ingo Steuwer - Univention Summit 2024Univention IAM and Portal for Kubernetes - Ingo Steuwer - Univention Summit 2024
Univention IAM and Portal for Kubernetes - Ingo Steuwer - Univention Summit 2024
 
Keycloak as the New Identity Provider for UCS - Felix Botner & Erik Damrose -...
Keycloak as the New Identity Provider for UCS - Felix Botner & Erik Damrose -...Keycloak as the New Identity Provider for UCS - Felix Botner & Erik Damrose -...
Keycloak as the New Identity Provider for UCS - Felix Botner & Erik Damrose -...
 
Outlook on UCS 5.2 - Ingo Steuwer - Univention Summit 2024
Outlook on UCS 5.2 - Ingo Steuwer - Univention Summit 2024Outlook on UCS 5.2 - Ingo Steuwer - Univention Summit 2024
Outlook on UCS 5.2 - Ingo Steuwer - Univention Summit 2024
 
Wohin entwickelt sich UCS? Ingo Steuwer - Univention Summit 2022
Wohin entwickelt sich UCS? Ingo Steuwer - Univention Summit 2022Wohin entwickelt sich UCS? Ingo Steuwer - Univention Summit 2022
Wohin entwickelt sich UCS? Ingo Steuwer - Univention Summit 2022
 
Barrierefreiheit in UCS - Univention GmbH - Univention Summit 2022
Barrierefreiheit in UCS - Univention GmbH - Univention Summit 2022Barrierefreiheit in UCS - Univention GmbH - Univention Summit 2022
Barrierefreiheit in UCS - Univention GmbH - Univention Summit 2022
 
Digitale Souveränität für die zivile Seenotrettung von Sea-Watch - Sea-Watch ...
Digitale Souveränität für die zivile Seenotrettung von Sea-Watch - Sea-Watch ...Digitale Souveränität für die zivile Seenotrettung von Sea-Watch - Sea-Watch ...
Digitale Souveränität für die zivile Seenotrettung von Sea-Watch - Sea-Watch ...
 
Schulische Lernplattformen in Deutschland - Institut für Informationsmanageme...
Schulische Lernplattformen in Deutschland - Institut für Informationsmanageme...Schulische Lernplattformen in Deutschland - Institut für Informationsmanageme...
Schulische Lernplattformen in Deutschland - Institut für Informationsmanageme...
 
Technologie in der Schule: Ein Projektüberblick & Beratungsansatz der Bechtle...
Technologie in der Schule: Ein Projektüberblick & Beratungsansatz der Bechtle...Technologie in der Schule: Ein Projektüberblick & Beratungsansatz der Bechtle...
Technologie in der Schule: Ein Projektüberblick & Beratungsansatz der Bechtle...
 
UCS@school Roadmap 2022 - Univention GmbH - Univention Summit 2022
UCS@school Roadmap 2022 - Univention GmbH - Univention Summit 2022UCS@school Roadmap 2022 - Univention GmbH - Univention Summit 2022
UCS@school Roadmap 2022 - Univention GmbH - Univention Summit 2022
 
BILDUNGSLOGIN: Mit zwei Klicks die ganze Bandbreite digitaler Bildungsmedien ...
BILDUNGSLOGIN: Mit zwei Klicks die ganze Bandbreite digitaler Bildungsmedien ...BILDUNGSLOGIN: Mit zwei Klicks die ganze Bandbreite digitaler Bildungsmedien ...
BILDUNGSLOGIN: Mit zwei Klicks die ganze Bandbreite digitaler Bildungsmedien ...
 
Schule digital neu denken - Schulstiftung der Ev.-Luth. Landeskriche Sachsens...
Schule digital neu denken - Schulstiftung der Ev.-Luth. Landeskriche Sachsens...Schule digital neu denken - Schulstiftung der Ev.-Luth. Landeskriche Sachsens...
Schule digital neu denken - Schulstiftung der Ev.-Luth. Landeskriche Sachsens...
 
UCS Roadmap 2022 - Univention GmbH - Univention Summit 2022
UCS Roadmap 2022 - Univention GmbH - Univention Summit 2022UCS Roadmap 2022 - Univention GmbH - Univention Summit 2022
UCS Roadmap 2022 - Univention GmbH - Univention Summit 2022
 
Shift happens! Let's create a better IT now! - UNivention GmbH - Univention S...
Shift happens! Let's create a better IT now! - UNivention GmbH - Univention S...Shift happens! Let's create a better IT now! - UNivention GmbH - Univention S...
Shift happens! Let's create a better IT now! - UNivention GmbH - Univention S...
 
Einführung eines zentralen IDM auf Basis der hessischen Landesdatenbank LUSD ...
Einführung eines zentralen IDM auf Basis der hessischen Landesdatenbank LUSD ...Einführung eines zentralen IDM auf Basis der hessischen Landesdatenbank LUSD ...
Einführung eines zentralen IDM auf Basis der hessischen Landesdatenbank LUSD ...
 
Sie serverlose Schule - Stadt Norderstedt - Univention Summit 2022
Sie serverlose Schule - Stadt Norderstedt - Univention Summit 2022Sie serverlose Schule - Stadt Norderstedt - Univention Summit 2022
Sie serverlose Schule - Stadt Norderstedt - Univention Summit 2022
 
Digital Souveräne Collaboration mit Nextcloud - Nextcloud-Univention-Summit-2...
Digital Souveräne Collaboration mit Nextcloud - Nextcloud-Univention-Summit-2...Digital Souveräne Collaboration mit Nextcloud - Nextcloud-Univention-Summit-2...
Digital Souveräne Collaboration mit Nextcloud - Nextcloud-Univention-Summit-2...
 
Enough about Gaia-X theory – Let’s shift towards real use cases! - Plusserver...
Enough about Gaia-X theory – Let’s shift towards real use cases! - Plusserver...Enough about Gaia-X theory – Let’s shift towards real use cases! - Plusserver...
Enough about Gaia-X theory – Let’s shift towards real use cases! - Plusserver...
 
Get your shift together now! - agorum Software - Univention Summit 2022
Get your shift together now! - agorum Software - Univention Summit 2022Get your shift together now! - agorum Software - Univention Summit 2022
Get your shift together now! - agorum Software - Univention Summit 2022
 

Recently uploaded

Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...OnePlan Solutions
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
Xen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfXen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfStefano Stabellini
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesŁukasz Chruściel
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based projectAnoyGreter
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024StefanoLambiase
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
How to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdfHow to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdfLivetecs LLC
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样umasea
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Hr365.us smith
 

Recently uploaded (20)

Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
Xen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfXen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdf
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based project
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
How to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdfHow to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdf
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)
 

Modular IAM Stack for Containers

  • 1. Modularity and IAM Stack Container Strategy in UCS Arvid Requate Univention GmbH requate@univention.de
  • 2. From UCS Appliance to Service Oriented IAM Architecture ● UCS Appliance: Debian based Operating System ● Appcenter: simple domain wide deployment and integration of services ● UCS core value lies in IAM and related APIs ● Operation in data centers demands containerization
  • 3. Goals ● Deployment in modern data center environments and cloud services ● Focus on service, separation from platform ● Standardized deployment ● Scalability and High Availability of Univention Management Stack ● Each module shall be deployed in several instances ● API first ● User interfaces consume those APIs ● Decoupling of development areas ● Deployment on arbitrary (Linux) operating systems (with tradeoffs re: scalability)
  • 4. Target platforms ● Kubernetes as CaaS Plattform ● Sovereign Cloudstack ● Partner datacenters, e.g. Phoenix ● Classic Linux Servers ● UCS appliance (Debian) ● Other Linux distributions
  • 5. Sovereign Cloud Stack (SCS): open source reference plattform ● CSP datacenters provide IaaS (e.g. OpenStack) and CaaS (Kubernets) ● Sovereign Cloud Stack aims to be open source reference implementation ● „Openstack based Distribution for CSPs“ ● Univention Management Stack shall be deployable on Kubernetes / SCS. ● Current state: ● Containerized OpenLDAP as default IAM backend store for Keycloak ● Keycloak as main layer for federation between IdPs
  • 6. Services oriented IAM architecture ● The building blocks: Containerized IAM Services ● UCS Portal ● Univention Management Console (UMC) ● UDM-REST API ● SSO with federation ● OpenLDAP ● Provisioning
  • 7.
  • 8.
  • 9. API First ● Univention Directory Manager simplifies IAM ● Abstracts from LDAP specific implementation details ● UDM-REST-API as primary entry point ● Taking the UDM Python API to a HTTP based service architecture ● Univention Management Console (UMC) uses that REST-API ● Access to interfaces (APIs) can be load balanced ● Horizontal scalability
  • 10.
  • 11.
  • 12. SSO: Integration of Keycloak in UCS ● OpenID Connect & SAML in one solution ● Federation options to external IdPs ● LDAP „user federation“, Keycloak only holding „shadow“ accounts ● Basic 2FA options ● Containerized operation with HTTP configuration API ● Keycloak 18 (Keycloak-X architecture) with UCS themed login screen ● First class IAM component, enhancing OpenLDAP
  • 13. SSO: Keycloak User Federation + Ad-Hoc provisioning First Broker Login Flow Keycloak SSO Entrypoint MS ADFS First User Access
  • 14. SSO: Keycloak App in Appcenter ● Keycloak container will be offered as optional app ● Alternative to simpleSAMLphp and Kopano Konnect ● Later: HA integration suitable as full replacement for UCS SSO ● We need that component for the data center ● And also directly build it into the UCS appliance ● Goal: Keycloak as standard IdP for UCS appliance and data center
  • 15. Challenges ● Service orchestration, configuration and discovery in Kubernetes ● LDAP schema & ACL extensions ● Live update via cn=Config ● Persistence of reference configuration for re-provisioning ● Cattle vs Pet ● Robust & efficient scaling of LDAP – Testing, testing, testing... ● High availability for Primary: Multiprovider replication ● UDM-Rest as sole authorized writer, UID allocator
  • 16. Thanks for you attention! Arvid Requate Univention GmbH requate@univention.de
  • 17. Appendix (if time permits)
  • 18. Rethinking service provisioning ● UDM-REST-API as primary entry point 1) Writes to Identity Store via LDAP 2) Feeds events into queueing system ● Containerized workers 1) Consume events from queue 2) provision Apps and external Services ● In contrast: Listener modules used to be fed by LDAP
  • 19. Rethinking LDAP replication ● Let OpenLDAP handle replication of LDAP data natively ● syncrepl: LDAP Content Synchronization (RFC4533) ● Allows: High-Availability with Multiprovider replication ● Listener/Notifier can be phased out ● Translog ● Listener cache