Single Sign On Using Keycloak Integrated Public Key Infrastructure for User Authentication In Indonesia’s Electronic Based Government System
Abstract
In carrying out its function as a provider of public administration services, the government is regulated by Law of the Republic of Indonesia Number 25/2009 on Public Services. Within this regulated framework of electronic government (e-government), many individuals use various web applications, each of which requires users to authenticate themselves. Many entities require various web-based applications for operational activities, so centralized access management for web-based applications is very much needed. Currently, access management is often implemented using Single Sign On (SSO) with password authentication. Security concerns arise with the use of passwords: passwords are vulnerable to brute forcing with a password list, and people often reuse passwords or choose uncomplicated ones. An alternative authentication method is Mutual TLS (mTLS), which uses a Public Key Infrastructure (PKI). Users authenticate with X.509 digital certificates, so the authentication factor becomes something you have. This research aims to implement an SSO system integrated with PKI, together with RBAC access automation. The approach of this project is research, design, implementation, and testing. The entire system is built with open-source software and implemented on cloud infrastructure. The system has three subsystems: registration, login, and RBAC access automation. All subsystems are tested according to the specified flow. The test results show that the registration subsystem works, as evidenced by successful entry of personal data, the approval flow, and downloading of certificates. The login subsystem was also successfully implemented, as evidenced by mTLS authentication with certificate validation. Testing of the RBAC access automation subsystem shows that the script created can perform access checks and access remediation when needed.
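The RBAC access-automation subsystem above is described only by its outcome (an access check followed by remediation when needed). The following is an added example, not code from the paper, showing what such a check looks like as a reconciliation of authoritative role assignments against the realm roles Keycloak currently reports. The role-mapping shape (a list of role representations with a `name` field, as returned by the Keycloak admin REST API's role-mappings endpoints) and the effector functions are assumptions; all data is constructed and no network call is made.

```python
"""RBAC access check and remediation planning (added example, not the paper's script)."""
from dataclasses import dataclass
from typing import Callable, Iterable, Mapping

# Keycloak attaches built-in realm roles (e.g. offline_access, uma_authorization)
# to every user; they are not governed by the authoritative record, so a check
# must not flag them for removal. Treated here as an out-of-scope set (assumption).
KEYCLOAK_BUILTIN_ROLES = frozenset({"offline_access", "uma_authorization"})


@dataclass(frozen=True)
class RemediationPlan:
    username: str
    to_add: frozenset     # roles the record justifies but Keycloak does not grant
    to_remove: frozenset  # roles Keycloak grants that the record does not justify

    @property
    def compliant(self) -> bool:
        return not self.to_add and not self.to_remove


def check_access(username: str, expected_roles: Iterable[str],
                 keycloak_role_mappings: Iterable[Mapping[str, str]],
                 ignore: frozenset = KEYCLOAK_BUILTIN_ROLES) -> RemediationPlan:
    """Compare authoritative roles with Keycloak's current realm role mappings."""
    actual = {r["name"] for r in keycloak_role_mappings} - ignore
    expected = set(expected_roles) - ignore
    return RemediationPlan(username, frozenset(expected - actual), frozenset(actual - expected))


def remediate(plan: RemediationPlan,
              add_role: Callable[[str, str], None],
              remove_role: Callable[[str, str], None]) -> int:
    """Apply the plan through caller-supplied effectors; returns number of changes."""
    for role in sorted(plan.to_add):
        add_role(plan.username, role)
    for role in sorted(plan.to_remove):
        remove_role(plan.username, role)
    return len(plan.to_add) + len(plan.to_remove)


if __name__ == "__main__":
    # Constructed sample: registry says the user should hold two roles,
    # Keycloak reports one of them plus an unjustified admin role.
    record = {"finance-viewer", "hr-approver"}
    mapped = [{"name": "finance-viewer"}, {"name": "admin"}, {"name": "offline_access"}]
    plan = check_access("budi", record, mapped)
    actions = []
    n = remediate(plan, lambda u, r: actions.append(("add", u, r)),
                  lambda u, r: actions.append(("remove", u, r)))
    print(plan.compliant, n, actions)  # False 2 [('add', 'budi', 'hr-approver'), ('remove', 'budi', 'admin')]
```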
DOI: https://doi.org/10.26877/asset.v5i2.15795
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Advance Sustainable Science, Engineering and Technology (ASSET)
E-ISSN: 2715-4211
Published by Science and Technology Research Centre
Universitas PGRI Semarang, Indonesia
Website: http://journal.upgris.ac.id/index.php/asset/index