Identity Providers (IdP) and Brokering

The interoperability of OIDC and OAuth 2.0 allows for the integration of external identity providers. An identity provider is usually based on a specific protocol that is used to communicate authentication and authorization information to its end users. It can be a social provider such as ORCID or GitHub, an internal service such as Tapis, or a business-level service like EGI Check-in or EOSC’s ELIXIR.

When Keycloak is used as an identity broker, users are not forced to provide their credentials in order to authenticate in a specific realm. Instead, when they land on the login page, they are presented with a list of identity providers through which they can authenticate.

The iReceptor Plus project is currently researching integrations with:

  • EGI Check-in
  • ELIXIR
  • TAPIS
  • ORCID
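
When a realm brokers logins to external providers, each provider's entry in the realm configuration decides how much the broker trusts what comes back. The following is an added example, not code from iReceptor Plus or the Keycloak project: it audits the identityProviders list of a Keycloak realm export for three settings worth reviewing. The sample realm, the lower-case aliases, the example.org hosts and the choice of checks are assumptions of this example.

```python
from urllib.parse import urlparse

# Constructed sample shaped like the "identityProviders" list of a Keycloak realm
# export. Aliases follow the page; hosts are placeholders, not real endpoints.
SAMPLE_REALM = {
    "realm": "demo",
    "identityProviders": [
        {"alias": "egi-check-in", "providerId": "oidc", "enabled": True,
         "trustEmail": False,
         "config": {"authorizationUrl": "https://idp-a.example.org/authorize",
                    "tokenUrl": "https://idp-a.example.org/token",
                    "jwksUrl": "https://idp-a.example.org/jwks",
                    "validateSignature": "true", "useJwksUrl": "true"}},
        {"alias": "orcid", "providerId": "oidc", "enabled": True,
         "trustEmail": True,
         "config": {"authorizationUrl": "https://idp-b.example.org/authorize",
                    "tokenUrl": "http://idp-b.example.org/token"}},
        {"alias": "tapis", "providerId": "oidc", "enabled": False, "config": {}},
    ],
}

URL_KEYS = ("authorizationUrl", "tokenUrl", "userInfoUrl", "jwksUrl")


def audit_identity_providers(realm):
    """Return {alias: [findings]} for each enabled brokered identity provider."""
    report = {}
    for idp in realm.get("identityProviders", []):
        if not idp.get("enabled", True):
            continue  # disabled providers are not offered on the login page
        cfg = idp.get("config", {})
        findings = []
        for key in URL_KEYS:
            url = cfg.get(key)
            if url and urlparse(url).scheme != "https":
                findings.append(f"{key} is not https")
        # Keycloak stores config values as strings, hence the comparison to "true".
        if idp.get("providerId") == "oidc" and cfg.get("validateSignature") != "true":
            findings.append("validateSignature is off")
        if idp.get("trustEmail"):
            findings.append("trustEmail is on")
        report[idp["alias"]] = findings
    return report


if __name__ == "__main__":
    for alias, findings in audit_identity_providers(SAMPLE_REALM).items():
        print(alias, "->", findings or "ok")
```

With trustEmail on, Keycloak accepts the e-mail address asserted by that provider without verifying it, so it is worth enabling only for providers that verify addresses themselves.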