Single Sign On Using Keycloak Integrated Public Key Infrastructure for User Authentication In Indonesia’s Electronic Based Government System

W. Hermawan
Journal: Advance Sustainable Science Engineering and Technology
Publication date: 2023-07-31
Publication type: Journal Article
DOI: 10.26877/asset.v5i2.15795 (https://doi.org/10.26877/asset.v5i2.15795)

Abstract

Law of the Republic of Indonesia Number 25/2009 on public services regulates how the government carries out its function as a public administration servant. Within electronic government (e-government) regulated in this way, many individuals use various web applications, each of which requires users to authenticate themselves to gain access. Many entities require various web-based applications for operational activities, which makes centralized access management for web-based applications very much needed. Currently, access management is often implemented using Single Sign On (SSO) with password authentication. Passwords raise security concerns: they are vulnerable to brute forcing with a password list, and people tend to reuse passwords or choose uncomplicated ones. An alternative authentication method is Mutual TLS (mTLS), which utilizes Public Key Infrastructure (PKI). Users authenticate with X.509 digital certificates, so the authentication factor becomes something you have. This research aims to implement an SSO system integrated with PKI, together with RBAC access automation. The project proceeds through research, design, implementation, and testing. The entire system is built with open-source software and implemented on a cloud infrastructure. The system has three subsystems: registration, login, and RBAC access automation. All subsystems are tested according to the specified flow. The test results show that the registration subsystem works, as evidenced by the successful filling in of personal data, the approval flow, and the downloading of certificates. The login subsystem was also successfully implemented, as evidenced by mTLS authentication with certificate validation. Testing of the RBAC access automation subsystem shows that the script created can perform access checks and, if needed, access remediation.