Skip to content

Authentication

CyVerse Authentication via Keycloak, CILogon, & OAUTH

sequenceDiagram
  autonumber
  User->>Browser: Click on external Auth
  Browser-->>Keycloak: Authentication request (TOKEN)
  loop
      Keycloak-->>Browser: Browser opened with ../auth?=client_id=de-prod=TOKEN
  end
  Keycloak-->>CILogon: Auth Request
  User->>CILogon: Enter Credentials
  Keycloak-->>OAUTH: Auth Response
  CILogon-->>Keycloak: Auth Response
  Browser-->>OAUTH: Ask for Token
  OAUTH-->>Browser: Retrieve Token

Mermaid Diagram Users authenticate (starting on left side) via their browser, which passes through Keycloack to either CILogon or OAUTH.

Keycloak service manages authenticaation via CILogon and OAUTH.

Keycloak

Keycloak is provisioned and deployed as part of the main K8s

Keycloak provisioning with K8s