Red Hat Single Sign-On (RH-SSO)
RH-SSO is a Java-based IdP/authorization server (Keycloak distribution) that issues OIDC ID tokens/OAuth 2.0 access tokens and SAML 2.0 assertions. It integrates with LDAP/Active Directory, supports identity brokering to external IdPs, and offers admin/developer tooling.
Key Capabilities
- Standards-based federation: Acts as an OIDC/OAuth 2.0 provider and as a SAML 2.0 IdP/SP; the server and admin guides cover deployment and securing apps.
- Directory & brokering: Connects to LDAP/AD; can delegate authentication to social or enterprise IdPs.
- Enterprise packaging & ops: RH-SSO 7.x runs on JBoss EAP, with clustering, caches, and adapters documented; RHBK introduces cloud-native packaging and current platform guidance.
- Successor product (RHBK): Red Hat states that RHBK replaces future RH-SSO releases and provides versioned docs (install, migrate, manage) and lifecycle terms.
Limitations
- Lifecycle: RH-SSO 7.6 is the last planned feature release; customers should plan migration to RHBK. (Extended/maintenance details are per Red Hat policy.)
- Operational model: RH-SSO is customer-managed software (Web/App server, clustering, upgrades). RHBK improves packaging but remains self-hosted unless paired with managed offerings.
- Advanced OAuth profiles: Public RH-SSO/RHBK docs focus on core OAuth/OIDC; there is not enough public information to confirm built-in coverage of PAR, DPoP, or mTLS-bound tokens for all versions.
- Adapter/runtime variance: Older app-server adapters are tied to specific stacks (e.g., JBoss/WildFly); verify supported adapters or use standards-based libraries where possible.
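Because coverage of PAR, DPoP, and mTLS-bound tokens cannot be confirmed from public docs, one way to check a specific deployment is to read what its realm advertises in its OIDC discovery document. The following is an added example, not Red Hat or Keycloak code: the hostnames, the endpoint path, and both sample documents are constructed, and the metadata field names are the ones defined in RFC 9126, RFC 9449, and RFC 8705.

```python
import json

# Constructed discovery documents for illustration; not captured from a real server.
DOC_WITHOUT = json.dumps({
    "issuer": "https://sso.example.test/realms/demo",
    "token_endpoint_auth_methods_supported": ["client_secret_basic", "private_key_jwt"],
})
DOC_WITH = json.dumps({
    "issuer": "https://sso.example.test/realms/demo",
    "pushed_authorization_request_endpoint": "https://sso.example.test/realms/demo/par-constructed",
    "require_pushed_authorization_requests": False,
    "dpop_signing_alg_values_supported": ["ES256", "PS256"],
    "tls_client_certificate_bound_access_tokens": True,
    "token_endpoint_auth_methods_supported": ["private_key_jwt", "tls_client_auth"],
})

MTLS_AUTH_METHODS = ("tls_client_auth", "self_signed_tls_client_auth")  # RFC 8705


def _as_list(value):
    """Treat anything that is not a JSON array as 'nothing advertised'."""
    return value if isinstance(value, list) else []


def advertised_profiles(raw):
    """Report which advanced OAuth profiles a discovery document advertises."""
    md = json.loads(raw)
    if not isinstance(md, dict) or not str(md.get("issuer", "")).startswith("https://"):
        raise ValueError("not a usable discovery document: https issuer missing")
    par = md.get("pushed_authorization_request_endpoint")          # RFC 9126
    dpop_algs = _as_list(md.get("dpop_signing_alg_values_supported"))  # RFC 9449
    auth = _as_list(md.get("token_endpoint_auth_methods_supported"))
    return {
        "par": isinstance(par, str) and par.startswith("https://"),
        "par_required": md.get("require_pushed_authorization_requests") is True,
        # An empty list, or one offering only "none", is not usable DPoP support.
        "dpop": sorted(a for a in dpop_algs if isinstance(a, str) and a.lower() != "none"),
        "mtls_bound_tokens": md.get("tls_client_certificate_bound_access_tokens") is True,
        "mtls_client_auth": sorted(m for m in auth if m in MTLS_AUTH_METHODS),
    }


if __name__ == "__main__":
    for name, doc in (("without", DOC_WITHOUT), ("with", DOC_WITH)):
        print(name, advertised_profiles(doc))
```

A missing field only shows that the realm does not advertise the profile in its metadata; it does not prove that the installed version lacks the feature, so confirm against the documentation for the exact version in use.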