Identity & SSO

1. Overview

This documentation covers identity management and Single Sign-On (SSO) for the DomusDigitalis home enterprise network.

2. Design Philosophy

Layer         Purpose
------------  --------------------------------------------------------------------
Concepts      Protocol-agnostic theory (SAML, OIDC). Swap IdPs without rewriting.
Providers     IdP implementations (Keycloak today, Azure AD/Okta if needed later).
Integrations  Application-specific configurations (ISE, Gitea, etc.).

3. Architecture

[Architecture diagram]

4. Current Infrastructure

Component          Value                    Notes
-----------------  -----------------------  ------------------------------------------
Identity Provider  Keycloak                 keycloak-01.inside.domusdigitalis.dev:8443
Realm              domusdigitalis           Unified realm for all apps
PKI                DOMUS-ROOT-CA            Vault-issued certificates
Protocols          SAML 2.0, OIDC           SAML for ISE, OIDC for Gitea/NAS

5. Applications Using SSO

Application             Protocol  Documentation
----------------------  --------  ---------------------
Cisco ISE Admin Portal  SAML      ISE Admin Portal SSO
Gitea                   OIDC      Future
Synology NAS            OIDC      Future
iPSK Manager            OIDC      Future