Request for Enhancement (RFE): OpenID Connect (OIDC) Support in IBM Sterling Secure Proxy (SSP)
1. Introduction
This RFE proposes an enhancement to IBM Sterling Secure Proxy (SSP) to include support for OpenID Connect (OIDC) authentication. OIDC is a modern identity layer built on top of the OAuth 2.0 protocol, providing a more secure and flexible approach to authentication than traditional methods.
2. Current Situation
Currently, SSP supports various authentication mechanisms, including LDAP, RADIUS, and SAML. While these methods are widely used, they often lack the modern security features and interoperability offered by OIDC.
3. Proposed Enhancement
We request that SSP be enhanced to support OIDC authentication. This would involve:
OIDC Provider Integration: Allow SSP to act as a relying party (RP) and connect to various OIDC providers (e.g., Azure AD, Okta, Auth0).
Token Handling: Enable SSP to receive and validate ID tokens, potentially using them for authorization decisions.
Configuration: Provide administrators with a user-friendly interface to configure OIDC settings, including provider details, client ID, and scopes.
4. Benefits of OIDC Support
Implementing OIDC support in SSP offers several advantages:
Enhanced Security: OIDC leverages modern security standards like JSON Web Tokens (JWT) and provides features like token revocation and refresh, improving overall security posture.
Improved User Experience: OIDC enables single sign-on (SSO) and reduces password fatigue, leading to a smoother user experience.
Increased Interoperability: OIDC is an open standard, promoting interoperability with a wide range of applications and identity providers.
Future-Proofing: OIDC is the industry trend for modern authentication and authorization, ensuring SSP remains relevant and compatible with emerging technologies.
Centralized Identity Management: OIDC facilitates centralized identity management, simplifying user provisioning and access control.
5. Use Cases
OIDC support in SSP would benefit various use cases, including:
Securing APIs: Protect APIs by requiring OIDC authentication for access.
Partner Integration: Enable secure access for partners using their own identity providers.
Mobile Application Access: Secure mobile application access through OIDC integration.
Cloud-Native Deployments: Support modern cloud-native deployments with OIDC-based authentication.
6. Conclusion
Adding OIDC support to IBM Sterling Secure Proxy is crucial for enhancing its security, usability, and interoperability in today's evolving digital landscape. This enhancement would align SSP with modern authentication standards and provide significant benefits to organizations relying on it for secure access to their applications and data.
Thank you for taking the time to provide your ideas to IBM. We appreciate your willingness to share details about your experience and your recommendations. After reviewing this, we have decided to consider implementing this idea in one of the future releases based on the roadmap priorities.
If you have any additional feedback, thoughts or ideas, or if there is anything else I can do, please do not hesitate to reply to this message to continue the conversation. Appreciate your patience.
Thanks,
Product Management
I can see how this would make it easier for customers who use the IBM Sterling proxy to have it call out to ISV for authentication.