As applications grow and users multiply, managing authentication becomes tricky. That’s where Red Hat Single Sign-On (RHSSO) steps in. It helps you connect multiple identity sources—whether they’re corporate directories or social logins—so your users can sign in with what they already use.
In this blog, we’ll break down two core RHSSO features: Identity Brokering and User Federation, and how to use them to secure your apps in a smart, scalable way.
What Is Red Hat SSO?
RHSSO is Red Hat’s enterprise-ready version of Keycloak, an open-source identity and access management solution. It provides:
Single Sign-On (SSO)
Identity Brokering
User Federation
Role-based Access Control (RBAC)
Integration with OAuth2, OIDC, SAML, and more
Now, let’s focus on the identity part.
What is Identity Brokering?
Think of Identity Brokering as a way to let users log in with external identity providers (IdPs) like:
GitHub
Azure AD
Any OpenID Connect or SAML provider
Example Use Case:
You have an internal app and want users to log in using their Google accounts or their company Azure AD credentials. Instead of creating new accounts in your app, you broker that login through RHSSO.
How It Works:
RHSSO acts as the “middleman” between your app and the identity provider.
Users click “Login with Google.”
RHSSO handles the authentication handshake with Google.
Once authenticated, RHSSO creates a local user session and gives access to your app.
What is User Federation?
User Federation connects RHSSO directly to your existing user directory—like an LDAP or Active Directory system.
Instead of copying or migrating users, RHSSO authenticates against the source in real time.
Example Use Case:
Your organization has users stored in Microsoft Active Directory. You want those users to log into an RHSSO-secured app without managing separate credentials.
How It Works:
RHSSO connects to your LDAP/AD server.
When a user logs in, RHSSO queries that source to validate the credentials.
RHSSO creates a “linked” local user (no duplication) and keeps the password checks in AD.
Combining Identity Brokering and Federation
You’re not limited to just one method. RHSSO supports mixing and matching both.
Let’s say:
Internal employees use Active Directory via federation.
Partners log in via Google.
Contractors use GitHub.
You can offer all options on a single login page and let RHSSO handle it.
How to Set This Up
- Set Up a Realm
Realms are isolated user spaces in RHSSO. Create a new realm for your app or environment.
- Add an Identity Provider (Brokering)
Go to “Identity Providers” in the RHSSO Admin Console.
Choose Google, GitHub, or a custom OIDC/SAML provider.
Enter the required credentials and scopes.
- Configure User Federation
Go to the “User Federation” tab.
Choose LDAP.
Add your connection settings (host, base DN, bind DN, credentials).
Save and sync.
- Secure Your Application
Use RHSSO’s OIDC or SAML client adapter.
Register your application as a “Client” in RHSSO.
Your app redirects login requests to RHSSO.
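Once the identity provider, LDAP federation and client are configured, it is worth checking the resulting realm for weak settings. The Python script below is an added example, not code from the original post or from Red Hat: it audits a realm export for a few such settings. The realm JSON is a constructed sample and the choice of checks is an assumption; the field names follow Keycloak's realm export format.

```python
import json

# Constructed sample: trimmed realm export with weak settings from each setup step.
SAMPLE_REALM = json.loads("""{
  "realm": "demo",
  "identityProviders": [
    {"alias": "github", "providerId": "github", "trustEmail": true}],
  "components": {"org.keycloak.storage.UserStorageProvider": [
    {"name": "corp-ad", "providerId": "ldap",
     "config": {"connectionUrl": ["ldap://ad.example.test:389"],
                "startTls": ["false"], "editMode": ["WRITABLE"]}}]},
  "clients": [
    {"clientId": "demo-app", "redirectUris": ["*"], "implicitFlowEnabled": true}]
}""")

USER_STORAGE = "org.keycloak.storage.UserStorageProvider"

def first(config, key, default=""):
    """Component config values are exported as lists of strings."""
    return (config.get(key) or [default])[0]

def audit_realm(realm):
    """Return (object name, finding) pairs for weak broker, LDAP and client settings."""
    findings = []
    for idp in realm.get("identityProviders", []):
        if idp.get("trustEmail"):
            findings.append((idp["alias"], "trustEmail: provider-asserted email is accepted unverified"))
    for comp in realm.get("components", {}).get(USER_STORAGE, []):
        if comp.get("providerId") != "ldap":
            continue
        cfg = comp.get("config", {})
        cleartext = first(cfg, "connectionUrl").lower().startswith("ldap://")
        if cleartext and first(cfg, "startTls", "false") != "true":
            findings.append((comp["name"], "cleartext LDAP: use ldaps:// or StartTLS"))
        if first(cfg, "editMode") == "WRITABLE":
            findings.append((comp["name"], "editMode WRITABLE: prefer READ_ONLY"))
    for client in realm.get("clients", []):
        if "*" in (uri.strip() for uri in client.get("redirectUris", [])):
            findings.append((client["clientId"], "redirectUris '*': any redirect target accepted"))
        if client.get("implicitFlowEnabled"):
            findings.append((client["clientId"], "implicit flow enabled: tokens returned in the URL"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_realm(SAMPLE_REALM):
        print(f"{name}: {finding}")
```

To run it against a real realm, load the exported JSON file with `json.load` and pass the result to `audit_realm`.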
Final Thoughts
RHSSO gives you flexibility. Whether your users are on Active Directory, Google, or GitHub, you can bring them under one roof. No need to juggle passwords or build your own login screens—just broker, federate, and secure.
Want your apps to scale smartly with user growth? Identity Brokering and User Federation are your go-to tools in RHSSO.
Looking to get hands-on?
Set up a test RHSSO server and try logging into your demo app with a social login and LDAP. You’ll be surprised how fast it all comes together.
For more info, kindly follow: Hawkstack Technologies