User security and session management

Single-sign-on

The NSP single-sign-on (SSO) mechanisms provide a common security framework for all supported NSP functions and services. The NSP supports authentication against local and external authentication agents such as LDAP, RADIUS, or TACACS+ servers.

In addition to user access control, the NSP provides user session management and activity logging. See Activity logging and the NSP System Administrator Guide for more information.

OAUTH2 user authentication

OAUTH2 is a Single Sign-On (SSO) authentication mode that is based on the Keycloak open-source identity and access management solution and uses the standard OAuth 2.0 protocol. The OAUTH2 mode supports local user management and external authentication agents, but does not support authentication against an NFM-P local user database. For migration from CAS to OAUTH2, the NSP includes a utility for importing users from an NFM-P local user database.

CAS user authentication

CAS, the legacy NSP authentication module, is an open-source SSO solution that supports local user authentication against an NFM-P local user database, if the NSP deployment includes the NFM-P. CAS also supports external authentication agents.

Kafka authentication

All Kafka communication is secured by default using TLS. Additionally, you can enable authentication for internal and external Kafka clients. Internal and external Kafka authentication are independent of each other, and are enabled and configured separately.

Internal Kafka authentication for communication among NSP subsystems uses mutual TLS (mTLS) authentication.

External Kafka authentication requires NSP user credentials and the OAUTH2 authentication mode.

See the NSP Installation and Upgrade Guide for information about configuring internal and external Kafka authentication.