Publication

Federated Authentication with Keycloak and Active Directory


Bibliographic details
Abstract: This dissertation is set in the context of the Informatics Department (DI) of the Faculty of Sciences, University of Lisbon, whose current infrastructure, based on an on-premises Active Directory (AD), presents limitations in terms of resilience, interoperability, and support for modern authentication protocols. In a scenario of growing cloud adoption and the need for federated access to external applications, it becomes essential to modernize the Identity and Access Management (IAM) system and ensure the continuity of critical services. To address these challenges, a federated authentication solution was designed, integrating the existing AD with Keycloak, an open-source IAM platform, within a hybrid architecture. Two architectural hypotheses were implemented and evaluated: (i) Keycloak instances sharing a PostgreSQL database managed by Patroni, ensuring consistency and automatic failover; and (ii) independent Keycloak instances, each with its own database, federating the same AD. Experimental load tests revealed average response times between 0.48 s and 1.1 s, error rates below 0.5%, and throughput up to 90 requests per second, values consistent with a smooth and responsive user experience. Results show that both approaches are feasible: the first excels in robustness and data consistency, while the second stands out for its operational simplicity and lower complexity. This comparative analysis provides valuable insights for adopting hybrid IAM solutions in institutional contexts, combining security, scalability, and interoperability across on-premises and cloud environments.
Main authors: Teta, João Lucas
Subject: Federated Authentication; Keycloak; Active Directory; IAM; Hybrid Infrastructure
Year: 2025
Country: Portugal
Document type: master's dissertation
Access type: open access
Associated institution: Universidade de Lisboa
Language: Portuguese
Source: Repositório da Universidade de Lisboa