We are setting up connection to our XDMoD, following the guide in the 1.8 release notes.
One thing that Steve, our admin who runs the Keycloak noted, is to add where the Keycloak security setting is. He found it at:
Realm->Master->Security Defenses->Headers->Content-Security-Policy
Perhaps it’d be good to add it to the documentation?
Now we seem to be stuck at the authentication with XDMoD. We use simplesamlphp to campus CAS in XDMoD and Keycloak in OOD. Do we need to move XDMoD to Keycloak to use the same SSO? Or any other useful pointers in this regard?
The only way I know to do SSO with OOD and XDMOD is for them to have the same backing IDP like Keycloak. Because Keycloak supports SAML and OIDC , that’s what we do at OSC is having both systems authenticate with Keycloak.
If your campus system was SAML or OIDC there might be a way to authenticate with campus credentials in Keycloak by setting your campus as Identity Broker IIRC but I do not think Keycloak supports CAS for identity brokering. We do something similar at OSC so that users can authenticate through CILogon using Keycloak rather than forcing them to authenticate against our local LDAP backing Keycloak.
No progress there but there is a discussion on a plan. I don’t think you need to worry about this, our admins will sort it out, it sounds to me that they know what needs to be done.