Moving authentication from a single provider to all the socials!

As OpenStack emerged in 2010 the community infrastructure needed to authenticate community members. As many of those community members already used Ubuntu and Canonical, provided Ubuntu One as and Identity Provider, it was a natural fit. Fast forward 15(ish) years. OpenStack becomes OpenInfra and the tools to support a single project, now need to support several aligned technologies on a single platform, OpenDev. It just makes sense to broaden the pool of Identity providers to best align with each project, and as a bonus avoid a single point of failure. To that end the OpenDev sysadmins have begun integrating Keycloak as an Identity broker, and authorisation provider. This is a great success for "green fields" tools but the catch? Well there are several; Keycloak doesn't support OpenID (which is the protocol provided by Ubuntu One); there is no trivial tool for establishing the pre-existing mappings needed to ensure developers can keep ... developing and last but by no means least Keycloak is written in Java (you may not know this but Java isn't Python!)

Join the OpenDev Sysadmins on the journey through the maze of jargon, OpenID, OpenID Connect, OAuth, tools Java, Maven, Quarkus as they find the path from problem to solution.