Chapter 6. Configuring SSO authentication for the RHEL web console in the IdM domain


Configure Single Sign-On (SSO) authentication for the RHEL web console by using Identity Management (IdM). With SSO enabled, IdM users with a Kerberos ticket can access the web console without re-entering credentials.

Using Single Sign-On (SSO) authentication provided by Identity Management (IdM) in the RHEL web console has the following advantages:

  • IdM domain administrators can use the web console to manage local systems.
  • Users with a Kerberos ticket in the IdM domain do not have to provide login credentials to access the web console.
  • All hosts known to the IdM domain are accessible through SSH from the local instance of the web console.
  • Certificate configuration is not necessary. The console’s web server automatically switches to a certificate issued by the IdM certificate authority and accepted by browsers.

Configuring SSO for logging in to the web console requires the following steps:

  1. Add systems to the IdM domain by using the web console.
  2. If you want to use Kerberos for authentication, obtain a Kerberos ticket on your systems.
  3. Allow administrators on the IdM server to use any command on any host.

You can join a RHEL system to an IdM domain directly in the RHEL web console. This integrates the system into the centralized identity management environment, enabling IdM users to log in.

Prerequisites

  • The IdM domain is running and reachable from the client you want to join.
  • You have the IdM domain administrator credentials.

Procedure

  1. Log in to the RHEL 10 web console.
  2. In the Configuration field of the Overview tab, click Join Domain.
  3. In the Join a Domain dialog box, enter the hostname of the IdM server in the Domain Address field.
  4. In the Domain administrator name field, enter the username of the IdM administration account.
  5. In the Domain administrator password field, enter the password.
  6. Click Join.

Verification

  1. If the RHEL 10 web console does not display an error, the system has joined the IdM domain, and you can see the domain name in the System screen.
  2. To verify that the user is a member of the domain, click the Terminal page and type the id command:

    $ id
    euid=548800004(example_user) gid=548800004(example_user) groups=548800004(example_user) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

You can log in to the RHEL web console by using Kerberos authentication. If you already have a valid Kerberos ticket from your IdM domain, you can access the console without re-entering your password.

Important

With SSO, you usually do not have any administrative privileges in the web console. Administrative access works only if you configure passwordless sudo, because the web console does not prompt for a sudo password interactively.

Prerequisites

  • You have installed the RHEL 10 web console.

    For instructions, see Installing and enabling the web console.

  • If the system does not use a Kerberos ticket managed by the SSSD client, request the ticket with the kinit utility manually.

Procedure

  • Log in to the RHEL web console by entering the following URL in your web browser:

    https://<dns_name>:9090
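
The following script is an added example, not part of the Red Hat documentation. It checks, from a terminal session of the user who will log in, the three conditions this chapter depends on: a valid Kerberos ticket, domain membership, and passwordless sudo. The function names are hypothetical, and the script assumes the MIT Kerberos klist utility, the realmd realm utility, and sudo are installed.

```shell
#!/bin/sh
# Added example (not Red Hat's code): pre-flight checks for Kerberos SSO login.
# Assumes MIT Kerberos client tools, realmd and sudo are installed on the host.

# Usable ticket: klist -s prints nothing and exits non-zero when the
# credential cache is missing, unreadable or expired.
check_ticket() {
    command -v klist >/dev/null 2>&1 || { echo "ticket: klist not installed"; return 2; }
    if klist -s; then
        echo "ticket: valid"
    else
        echo "ticket: none or expired (request one with kinit)"; return 1
    fi
}

# Domain membership: realm list --name-only prints each joined realm.
check_domain() {
    command -v realm >/dev/null 2>&1 || { echo "domain: realm not installed"; return 2; }
    joined=$(realm list --name-only 2>/dev/null) || joined=""
    if [ -n "$joined" ]; then
        echo "domain: joined to $joined"
    else
        echo "domain: not joined"; return 1
    fi
}

# Passwordless sudo: -n makes sudo fail instead of prompting, like the web
# console, which never asks for a sudo password interactively.
check_sudo() {
    if sudo -n true 2>/dev/null; then
        echo "sudo: passwordless, administrative access available"
    else
        echo "sudo: password required, no administrative access with SSO"; return 1
    fi
}

# Run every check, print each result, return the number of failed checks.
sso_preflight() {
    failures=0
    for check in check_ticket check_domain check_sudo; do
        "$check" || failures=$((failures + 1))
    done
    echo "failed checks: $failures"
    return "$failures"
}

# Run only when called with --run, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then sso_preflight; fi
```

A cached sudo timestamp also makes sudo -n succeed, so run the script in a fresh session to get a result that matches what the web console will see.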