User security and session management

Single sign-on

NSP single sign-on (SSO) provides a common security framework for all supported NSP functions and services. NSP SSO is based on OAUTH2, which is built on the Keycloak open-source identity and access management solution and uses the standard OAuth 2.0 protocol.

OAUTH2 supports local user management and external authentication agents such as LDAPS, RADIUS, and TACACS+ servers. The NSP does not support authentication against an NFM-P local user database, but includes a utility for importing users from an NFM-P local user database.

In addition to user access control, the NSP provides user session management and activity logging. See Activity logging and the NSP System Administrator Guide for more information.

Kafka authentication

All Kafka communication is secured by default using TLS. Additionally, you can enable authentication for internal and external Kafka clients. Internal and external Kafka authentication are independent of each other, and are enabled and configured separately.

Internal Kafka authentication, which covers communication among NSP subsystems, uses mutual TLS (mTLS), in which each side authenticates the other.

External Kafka authentication requires NSP user credentials and the OAUTH2 authentication mode.

See the NSP Installation and Upgrade Guide for information about configuring internal and external Kafka authentication.