Single Sign-On (SSO) Implementation Using Keycloak, RADIUS, LDAP, and PacketFence for Network Access

Abstract

The increasing demand for secure, seamless authentication mechanisms in public and private networks has fueled the need for more robust network access control (NAC) systems, as well as Single Sign-On (SSO) which is critical for organizations that require seamless and secure access across different platforms. This paper explores SSO in a fully open source implementations with Keycloak, RADIUS and LDAP; extending to captive portal implementations with PacketFence for Wi-Fi authentication. Specifically, this paper highlights the integration of PacketFence with FreeRADIUS for captive portal authentication, leveraging Keycloak for identity management and providing users with secure Wi-Fi access. Real-world examples, such as authenticating campus network users over Wi-Fi with 802.1X and captive portals, illustrate how these systems work in tandem to provide scalable and secure network access control. Testing showed up to 500 concurrent users with stable performance, minimal latency at a case study university. Key performance metrics included response times below 30ms.