Kubernetes and Tanzu Ramblings: Managing SSO for Applications with TAP 1.6

Managing single sign-on (SSO) for applications can be a complex task, but the latest release of TAP (Tanzu Application Platform) 1.6 has introduced several new features that make it easier and more streamlined. In this blog post, we’ll explore the main changes in AppSSO with TAP 1.6 and how they can help with SSO integration.

Simplified API and Claim Mappings Support

One of the major improvements in TAP 1.6 is the simplified API for AppSSO. The new API is more portable and easily promotable between environments without changes to the spec, supporting a GitOps approach. This new API also exposes an AuthServer as a ready-to-claim AppSSO service offering, making it easy for developers to create new clients for an auth server on demand.

Another exciting feature in TAP 1.6 is custom claim mappings support. With this capability, service operators can control which claims appear in an Auth Server issued ID Token and how to obtain this value from an upstream identity provider. This feature is extremely powerful and opens up awesome opportunities for integrations.

Internal Unsafe IDPs and Custom Roles

AppSSO also supports internal unsafe IDPs in an auth server, making it easy to simulate real-world test cases even when using an internal unsafe IDP. Additionally, the token expiry settings can be configured at a per-auth server level for access, id, and refresh tokens, providing more security and tunability for whatever the security team requires.

In conclusion, TAP 1.6 has introduced several new features that make AppSSO integration easier and more streamlined. With custom claim mappings support and improved token expiry settings, AppSSO is now more powerful and secure than ever before. Subscribe now to keep reading and get access to the full archive.

Type your email address: