Configuration notes for all authentication types
Managing authentication configuration includes updating callback URLs for OAuth and SSO authenticators and configuring timeout values for password-based authenticators.
Address these configuration requirements after setting up authenticators to maintain proper integration with external identity providers.
- Maintain OAuth and SSO authentication in Ansible Automation Platform: Update callback URLs in your identity providers to redirect authentication flows from automation controller to platform gateway.
- Prevent authentication request failures: Configure layered timeout values for password-based authenticators to ensure each upstream timeout exceeds the sum of its downstream timeouts.
- Align timeout values with your environment: Set authenticator-specific timeout values that match the performance characteristics of your external authentication servers.
Update callback URLs for OAuth and SSO providers
After architectural changes in Ansible Automation Platform 2.6, you must manually update the callback_url in your IdPs (GitHub, Entra ID, etc.). This redirect now points to the platform gateway instead of the controller and is dynamically generated for each authenticator.
Before you begin
- You have administrative access to the configuration settings of your external IdP.
About this task
After upgrading, your authentication method is disabled. As a platform administrator, ensure that you enable the authenticator.
The callback_url is normally auto-generated by Ansible Automation Platform once the authentication method is configured. You must copy this generated URL from within Ansible Automation Platform and then paste it into your IdP’s settings.
Procedure
Results
Verify that the callback_url has been updated correctly and authentication is working:
- Log in to Ansible Automation Platform with an administrator account and enable the authentication method, if you have not already.
- Log in to Ansible Automation Platform using the newly configured or updated OAuth or SSO provider. A successful login indicates correct configuration.
Configure authenticator timeouts
Configure layered timeout settings for password-based authenticators, such as LDAP, RADIUS, and TACACS+. Properly aligning these upstream and downstream timeouts helps ensure that your authentication requests do not fail.
The system processes authentication requests through a chain of services, each with its own timeout setting:
- Envoy timeout: The total time a request can take before the initial entry point (Envoy) terminates the connection. This is the highest-level timeout.
- gRPC timeout: A downstream timeout that bounds the time spent communicating with the internal authentication service.
- Authenticator timeout: The lowest-level timeout, which defines how long an individual authenticator (LDAP, RADIUS, TACACS+) waits for a response from its third-party server.
Set timeout values
Adjust your individual authenticator timeout values to align with the specific performance needs of your authentication servers. Fine-tuning these settings helps ensure stable and reliable authentication for your Ansible Automation Platform environment.
Procedure
- For LDAP, set the OPT_NETWORK_TIMEOUT in seconds. For example, OPT_NETWORK_TIMEOUT: 30 sets an LDAP timeout of 30 seconds. For more information, see Configuring LDAP authentication.
- For TACACS+ authentication, if you want to change the timeout you have to do it through the platform gateway API.
- For RADIUS authentication, the timeout is not changeable and is set to 5 seconds.
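The layering rule described above, as a check you can run against planned values before changing them. This is an added example, not Red Hat's code: the function name, the dictionary layout, the authenticator labels and the 10-second TACACS+ value are hypothetical. It assumes that the gRPC timeout must exceed the sum of the enabled authenticator timeouts and that the Envoy timeout must exceed the gRPC timeout.

```python
"""Check a layered authentication timeout plan (added example; names are hypothetical)."""

RADIUS_FIXED_TIMEOUT = 5  # seconds; the page states RADIUS is fixed at 5 seconds


def check_timeout_layers(envoy, grpc, authenticators):
    """Return a list of problems; an empty list means the layering holds.

    envoy, grpc: timeouts in seconds for the two upstream layers.
    authenticators: enabled password-based authenticators, mapping a label to
    {"type": "ldap" | "radius" | "tacacs+", "timeout": seconds}.
    Assumption: authenticators may be tried one after another within a single
    request, so the gRPC layer has to cover the sum of their timeouts.
    """
    problems = []
    downstream_total = 0
    for label, cfg in authenticators.items():
        kind, timeout = cfg["type"].lower(), cfg.get("timeout")
        if kind == "radius":
            # RADIUS cannot be tuned, so always count the fixed value.
            if timeout not in (None, RADIUS_FIXED_TIMEOUT):
                problems.append(f"{label}: RADIUS timeout is fixed at "
                                f"{RADIUS_FIXED_TIMEOUT}s, planned {timeout}s is ignored")
            timeout = RADIUS_FIXED_TIMEOUT
        elif timeout is None or timeout <= 0:
            problems.append(f"{label}: no positive timeout set for {kind}")
            continue
        downstream_total += timeout
    if grpc <= downstream_total:
        problems.append(f"gRPC timeout {grpc}s must exceed authenticator total {downstream_total}s")
    if envoy <= grpc:
        problems.append(f"Envoy timeout {envoy}s must exceed gRPC timeout {grpc}s")
    return problems


# Constructed sample plan: LDAP at 30s (the OPT_NETWORK_TIMEOUT example above),
# RADIUS at its fixed 5s, TACACS+ at an illustrative 10s.
SAMPLE = {
    "corp-ldap": {"type": "ldap", "timeout": 30},
    "vpn-radius": {"type": "radius"},
    "net-tacacs": {"type": "tacacs+", "timeout": 10},
}

if __name__ == "__main__":
    for envoy, grpc in ((60, 50), (60, 40), (30, 50)):
        issues = check_timeout_layers(envoy, grpc, SAMPLE)
        print(f"envoy={envoy}s grpc={grpc}s ->", "OK" if not issues else issues)
```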