Skip to content

Replace Keycloak with Enrico's "SSO" #132

New issue
New issue
Open
Open
Replace Keycloak with Enrico's "SSO"#132
Assignees
LajosCseppento
@LajosCseppento

Description

@LajosCseppento
LajosCseppento
opened on Aug 15, 2025

CERN IT requested to reduce the number of login forms, Bartek and Enrico recommends to use Enrico's app for this.

https://yccres-dev2.app.cern.ch/app/res/login?action=3rd-party-login&client=HELPER_APP

Redirects to
https://ycc.app.cern.ch/external_login?logon_id=bravin&token=...

# Enrico also created HELPER_APP_TEST, HELPER_APP_DEV, HELPER_APP_LOCAL

Then, in the backend, use Enrico's application to validate/check tokens.

This also means that Keycloak will be gone, with all the things it does currently, such as

  1. Validating / refreshing tokens => no refresh now, backend validates with calling Enrico's API
  2. No roles are sent by Keycloak, need an alternative solution (what keys does the user have, is it an editor/admin) => extra work on the backend
  3. No frontend library is available => need to manually develop the required functionality
  4. Last, but not least, it needs to be thoroughly tested that all the redirects etc work as expected (since the KC library in the past takes care of a lot of edge cases)

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions