Red Hat SummitChapter 13. Configuring applications for a single sign-on
Single sign-on (SSO) is an authentication scheme which allows you to log into multiple systems through a single log-in procedure. You can configure browsers and email clients to use Kerberos tickets, SSL certifications, or tokens as a means of authenticating users.
The configuration of different applications may vary. This chapter shows how to configure SSO authentication schema for the Mozilla Thunderbird email client and Mozilla Firefox web browser as the examples.
13.1. Prerequisites
You have installed the following applications:
- Mozilla Firefox version 88
- Mozilla Thunderbird version 78
13.2. Configuring Firefox to use Kerberos for single sign-on
You can configure Firefox to use Kerberos for single sign-on (SSO) to intranet sites and other protected websites. To do so, you first have to configure Firefox to send Kerberos credentials to the appropriate Key Distribution Center (KDC).
Even after configuring Firefox to pass Kerberos credentials, you still need a valid Kerberos ticket. To generate a Kerberos ticket, use the kinit command and supply the user password for the user on the KDC.
[jsmith@host ~] $ kinit Password for jsmith@EXAMPLE.COM:
[jsmith@host ~] $ kinit
Password for jsmith@EXAMPLE.COM:Procedure
-
In the address bar of Firefox, type
about:configto display the list of current configuration options. -
In the Filter field, type
negotiateto restrict the list of options. - Double-click the network.negotiate-auth.trusted-uris entry.
Enter the name of the domain against which to authenticate, including the preceding period (.). If you want to add multiple domains, enter them in a comma separated list.
Figure 13.1. Manual Firefox Configuration
13.3. Viewing certificates in Firefox
You can view stored certificates in Mozilla Firefox to verify authentication settings.
Procedure
In Mozilla Firefox, open the Firefox menu and select Preferences.
In the left panel, select the Privacy & Security section.
- Scroll down to the Certificates section.
Click View Certificates to open the Certificate Manager.
13.4. Importing CA certificates in Firefox
You can import certificates into Mozilla Firefox to establish trust with websites, servers, or applications that use those certificate for secure connection.
Prerequisites
- You have a CA certificate on your device.
Procedure
- Open Certificate Manager.
Select the Authorities tab and click Import.
Figure 13.2. Importing the CA Certificate in Firefox
- Select the downloaded CA certificate from your device.
13.5. Editing certificate trust settings in Firefox
You can change how Mozilla Firefox trusts a certificate.
Prerequisites
- You have successfully imported a certificate.
Procedure
- Open Certificate Manager.
- Under the Authorities tab, select the appropriate certificate and click Edit Trust.
Edit the certificate trust settings.
Figure 13.3. Editing the Certificate Trust Settings in Firefox
13.6. Importing personal certificate for authentication in Firefox
You can import personal certificates for authentication to websites and services.
Prerequisites
- You have a personal certificate stored on your device.
Procedure
- Open Certificate Manager.
Select the Your Certificates tab and click Import.
Figure 13.4. Importing a Personal Certificate for Authentication in Firefox
- Import the appropriate certificate from your computer.
13.7. Viewing certificates in Thunderbird
You can view certificates in the Mozilla Thunderbird to manage security settings for email client.
Procedure
In Thunderbird, open the main menu and select Preferences.
Figure 13.5. Selecting Preferences from menu
In the left panel, select the Privacy & Security section.
Figure 13.6. Selecting security section
- Scroll down to the Certificates section.
Click Manage Certificates to open the Certificate Manager.
Figure 13.7. Opening Certificate Manager
13.8. Importing certificates in Thunderbird
You can import certificates in the Mozilla Thunderbird email client.
Prerequisites
- You have a CA certificate stored on your device.
Procedure
- Open Certificate Manager.
Select the Authorities tab and click Import.
Figure 13.8. Importing the CA certificate in Thunderbird
- Select the downloaded CA certificate.
13.9. Editing certificate trust settings in Thunderbird
You can edit certificate trust settings in the Mozilla Thunderbird email client.
Prerequisites
- You have successfully imported a certificate.
Procedure
- Open Certificate Manager.
- Under the Authorities tab, select the appropriate certificate and click Edit Trust.
Edit the certificate trust settings.
Figure 13.9. Editing the certificate trust settings in Thunderbird
13.10. Importing personal certificate in Thunderbird
You can import certificates for personal authentication in the Mozilla Thunderbird email client.
Prerequisites
- You have a personal certificate stored on your device.
Procedure
- Open Certificate Manager.
Under the Your Certificates tab, click Import.
Figure 13.10. Importing a personal certificate for authentication in Thunderbird
- Import the required certificate from your computer.
- Close the Certificate Manager.
Open the main menu and select Account Settings.
Figure 13.11. Selecting Account Settings from menu
Select End-To-End Encryption in the left panel under your account email address.
Selecting End-To-End Encryption section.
- Under S/MIME section, click the first Select button to choose your personal certificate to use for signing messages.
Under S/MIME section, click the second Select button to choose your personal certificate for encrypting and decrypting messages.
Choosing certificate for signing and encryption/decryption.
If you forgot to import valid certificate, you can open Certificate Manager directly using the Manage S/MIME certificate option.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}