MediaKey.at - Single Sign-On System using Red Hat SSO

Description

APA-Tech (part of the Austrian Press Agency Group) chose Gepardec IT Services to design and implement their new Single Sign On System using Red Hat SSO. The challenge of designing, implementing and testing one of the largest and most high performing Red Hat SSO Clusters worldwide was mastered.

Performance requirements: 100 registrations / second, 400 logins / second, 5 million users

Solution

A real DevOps team consisting of Gepardec, APA-IT Architects,  Ops and Red Hat Consulting designed the identity management system Red Hat SSO 7.x, which is the Red Hat build of the open source product Keycloak.

The System is running on a geo-redundant VMWare cluster, load balanced by a f5 load balancer. The CI/CD infrastructure ist based on Jenkins to build and deploy DEV, TEST, Customer Integration and PROD stage. The configuration of Red Hat SSO is using a GitOps based approach, making the all configuration changes traceable, revertable and reviewable.

Registration, login and account pages are highly customized, including a special Quarkus based backend running on Red Hat OpenShift für age verification. The age verification itself was implemented by using ID Austria, utilizing the OpenID connect protocol.

Lots of load testing and tuning was done to make sure the performance requirements are met.

On the operation side of things, several metrics (e.g. number of registered users, numer of logins/sec) were introduced and are now available for the whole team using a Grafana dashboard.

Benefit

• End customers have a single system where they need to register for all media partner offerings.
• The media partners have a common SSO system which enables them to track their customers regardless of the media they are accessing and optimize their offerings.
• APA-IT has a unique single sign on product offering for the Austrian market

Java / JEE

Quarkus

OpenShift

Red Hat SSO / Keycloak

Jenkins CI/CD

Angular