Shibboleth IdP for Single Sign-On with Kubernetes and Persistent Volume Longhorn
DOI:
https://doi.org/10.26555/jiteki.v8i4.24272
Keywords:
Single Sign-On, Shibboleth, IdP, Kubernetes, Persistent Volume Claim, Container, Block Storage Longhorn
Abstract
Many organizations do not use centralized user authorization with Single Sign-On (SSO) management to let users move seamlessly from one system to another. This was also the case at Universitas Islam Indonesia (UII), where students had trouble logging in from one web service to another. The Board of Information Systems of UII, or Badan Sistem Informasi (BSI), implemented SSO to avoid this problem. However, after BSI implemented SSO on a virtual machine, the server load became too high: the number of user logins spiked within a short period, and the centralized system could not handle it. The solution proposed in this research is a clustered service using Shibboleth IdP. The Shibboleth IdP can be customized for deployment into the Kubernetes cluster infrastructure ecosystem to meet the authentication needs of the business processes at UII. The Shibboleth IdP is equipped with Longhorn persistent storage to support and maintain the service and avoid a single point of failure. Kubernetes and the Longhorn Persistent Volume provide redundancy for the application and a more flexible replication process. Kubernetes uses containerization technology, which was used here to optimize the server's resources instead of replicating the application using virtual machines. With centralized login through Shibboleth IdP and Longhorn persistent storage, errors caused by server load could be minimized, and the downtime of failed services can also be reduced. The research also shows that using Kubernetes and the Longhorn Persistent Volume could help the system prevent a single point of failure through its redundancy function.
License
Authors who publish with JITEKI agree to the following terms:
- Authors retain copyright and grant the journal the right of first publication with the work simultaneously licensed under a Creative Commons Attribution License (CC BY-SA 4.0) that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.
This work is licensed under a Creative Commons Attribution 4.0 International License