This is one of 3 IT projects that we have successfully completed with our customers.

How can we support you?

User data service

Project duration: 1 year

Brief description

To cover the requirements for authorization assignment, a central service is being developed that adds specific data to the authorization-relevant data returned when a user logs on. Users are logged in via the identity provider Keycloak. PTA supports the customer in implementing the backend service for managing the data. For the enrichment of the user data, PTA implements extensions for the Keycloak identity provider.

Supplement

In principle, users are maintained in the SIAM application. However, not all attributes required for assigning authorizations in applications can be maintained there. SIAM notifies the user data service of all changes to the user data via the Solace message broker. These are partially enriched automatically via predefined rules. Additional data is entered manually via a web application. Users are logged in via the identity provider Keycloak, with the actual authentication via SSO being performed by SIAM. Keycloak returns a token (JWT) with the user's attributes after successful login. A part of the user attributes consists of lists of values, which Keycloak cannot store due to their size. For this purpose, PTA develops an extension to Keycloak that retrieves the data from the user data service and stores it in the token.

Subject description

The existing concept of roles and groups in SIAM is not sufficient for the assignment of user authorizations, since authorizations must sometimes be assigned down to the level of data such as material groups or countries.

Overview

Project period01.01.2022 - 31.12.2022

Have we sparked your interest?

Marcus Rödiger

Retail sector manager

Jetzt Kontakt aufnehmen

Zum Umgang mit den hier erhobenen Daten informieren wir in unserer Datenschutzerklärung.

Contact now

We provide information on the handling of the data collected here in our privacy policy.

Download file

We provide information on the handling of the data collected here in our privacy policy.