Access Control in Game Warden
Game Warden uses identity federation and token-based authentication to control access to applications. The implementation varies by environment — select your environment below to find the relevant guidance.
How access control works in Game Warden
Regardless of environment, Game Warden access control is built on three core concepts.
- Identity federation: Users authenticate through an external Identity Provider (IdP) federated with Keycloak. Game Warden does not manage local credentials — all authentication is delegated to the configured IdP. In DoW environments this is P1 SSO; in FedRAMP environments this is a FedRAMP-authorized IdP.
- Token-based authorization: Upon successful authentication, the IdP issues a JSON Web Token (JWT). Game Warden validates the JWT on each request and uses its claims to enforce access decisions. Applications should validate JWTs and apply the Principle of Least Privilege when scoping access to claims.
- Policy enforcement: Istio authorization policies enforce access controls at the service mesh level. Custom OIDC client integrations are supported for applications with additional access control requirements.
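
An illustration of how JWT validation and claim-scoped authorization fit together at the mesh level. This is an added example, not Game Warden's own configuration. The namespace, workload label, Keycloak host and realm, audience, path, and the `groups` claim with its value are all hypothetical placeholders.

```yaml
# Added example. Every name, host, path and claim value below is a placeholder.
# RequestAuthentication tells the sidecar how to validate a JWT (issuer,
# signing keys, audience). On its own it rejects invalid tokens but still
# admits requests that carry no token at all.
apiVersion: security.istio.io/v1
kind: RequestAuthentication
metadata:
  name: keycloak-jwt
  namespace: example-app
spec:
  selector:
    matchLabels:
      app: example-api
  jwtRules:
    - issuer: "https://keycloak.example.com/realms/example-realm"
      jwksUri: "https://keycloak.example.com/realms/example-realm/protocol/openid-connect/certs"
      audiences:
        - example-api            # reject tokens minted for other clients
      forwardOriginalToken: true # let the application re-validate the JWT
---
# AuthorizationPolicy closes the no-token gap and applies least privilege:
# once an ALLOW policy selects a workload, any request that matches no rule
# is denied. This rule requires a validated principal from the expected
# issuer, limits it to read-only access on one path prefix, and requires a
# specific group claim (assumes the IdP maps group membership to "groups").
apiVersion: security.istio.io/v1
kind: AuthorizationPolicy
metadata:
  name: example-api-least-privilege
  namespace: example-app
spec:
  selector:
    matchLabels:
      app: example-api
  action: ALLOW
  rules:
    - from:
        - source:
            requestPrincipals: ["https://keycloak.example.com/realms/example-realm/*"]
      to:
        - operation:
            methods: ["GET"]
            paths: ["/api/reports/*"]
      when:
        - key: request.auth.claims[groups]
          values: ["example-report-readers"]
```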
Key differences by environment
| Concept | DoW | FedRAMP |
|---|---|---|
| Primary IdP | P1 SSO | FedRAMP-authorized IdP |
| Local authentication | Permitted with configuration | Not permitted |
| Keycloak integration | Optional (custom OIDC) | Mandatory |
| Periodic access reviews | Recommended | Required |
| Account lockout policy | Configurable | Required |