Authentication in EdgeX

[Neeraj-Nec]

Can I integrate any other open-source software (like WSO2, Keycloak) with EdgeX devices and other services for role-based authentication and time-based token generation?

[bnevis-i]

We refer to that ability somewhat in the authentication section of the manual,
https://docs.edgexfoundry.org/3.1/security/Ch-Authenticating/#1-creating-a-user-identity

Internally, a user identity is a paring of a Vault identity and an associated userpass login method bound to that identity. Vault supports many other authentication backends besides userpass, making it possible to federate with enterprise single sign-on, for example, but userpass is the only authentication method enabled by default.

In short, you can fork EdgeX, and enable different authentication providers on Vault to get other ways to get authentication tokens (such as Keycloak integration) to access EdgeX services. There is also a potential proposal for "bring your own Vault" where EdgeX would use a suitably configured Vault instance instead of creating its own. No serious work has been done on this proposal. More in-depth changes than this would require a major redesign of the authentication architecture.