Este contenido no está disponible en el idioma seleccionado.
Chapter 5. Configuring Authentication for the Web Console
You can configure the web console to require authentication, which is handled by Red Hat Single Sign-On. When enabled, users will be required to authenticate before being granted access to the web console.
It is recommended to complete the following steps to configure authentication for the web console.
Enable authentication for the web console.
NoteIf you have installed web console on OpenShift, authentication is already enabled and cannot be disabled.
- Change the administrative user’s credentials.
- Remove the default web console user.
- Add web console users.
5.1. Enable Authentication for Web Console Copiar enlaceEnlace copiado en el portapapeles!
If you have installed web console on OpenShift, authentication is already enabled and cannot be disabled.
Run the following script to require users to log in before accessing the web console. This script configures the Red Hat Single Sign-On login page to require users to authenticate before granting access to the web console.
RHAMT_HOME/switch_to_authentication_required.sh
$ RHAMT_HOME/switch_to_authentication_required.sh
In a Windows environment, use the switch_to_authentication_required.bat
script.
Now, whenever you start the web console, users will be required to authenticate to access it.
5.2. Change the Administrative User’s Credentials Copiar enlaceEnlace copiado en el portapapeles!
When you enable authentication for the web console, a default administrative user is provided with the username admin
and password password
. You should change this password so that only those that are authorized can make further changes to web console users.
Follow these steps to change the default administrative user’s password.
- Make sure that the web console is running.
Open the Red Hat Single Sign-On administration console.
For a ZIP installation:
-
Navigate to
http://localhost:8080/auth/
in a browser. - Select Administration Console to access the Red Hat Single Sign-On administration console.
-
Navigate to
For an OpenShift installation:
Navigate to
OPENSHIFT_URL/console/project/rhamt/overview
in a browser.NoteIf you renamed the OpenShift project when deploying, replace
rhamt
with the name of your project.- Click the link in the SSO HTTPS application and add "/auth" to the end of the URL.
- Select Administration Console to access the Red Hat Single Sign-On administration console.
-
Log in with the default credentials of
admin
andpassword
. - In the upper left corner, select the Master realm from the drop down.
- In the left-side navigation menu, select Users and then click View all users.
- From the admin user’s row, click Edit.
- Select the Credentials tab.
- Enter the new password in the New Password and Password Confirmation fields.
- Change the Temporary field to OFF to not require the user to change the password upon next login.
- Click Reset Password and then click Change password in the popup.
You can also remove this default administrative user completely and create your own administrative users. However, be sure to add the new users before removing the default user.
5.3. Remove the Default Web Console User Copiar enlaceEnlace copiado en el portapapeles!
A default web console user is provided with the web console with the username rhamt
and password password
. When you enable authentication for the web console, you should remove this user so that the web console can only be accessed by authorized users.
Follow these steps to remove the default web console user.
- Make sure that the web console is running.
Open the Red Hat Single Sign-On administration console.
For a ZIP installation:
-
Navigate to
http://localhost:8080/auth/
in a browser. - Select Administration Console to access the Red Hat Single Sign-On administration console.
-
Navigate to
For an OpenShift installation:
Navigate to
OPENSHIFT_URL/console/project/rhamt/overview
in a browser.NoteIf you renamed the OpenShift project when deploying, replace
rhamt
with the name of your project.- Click the link in the SSO HTTPS application and add "/auth" to the end of the URL.
- Select Administration Console to access the Red Hat Single Sign-On administration console.
-
Log in with an administrative user’s credentials. The default credentials are
admin
andpassword
. - In the upper left corner, select the Rhamt realm from the drop down.
- From the left-side navigation menu, select Users and then click View all users.
- From the rhamt user’s row, click Delete and confirm.
5.4. Add a New Web Console User Copiar enlaceEnlace copiado en el portapapeles!
When authentication is enabled for the web console, administrators will need to add users so that they can access the web console.
Follow these steps to add a new web console user.
- Make sure that the web console is running.
Open the Red Hat Single Sign-On administration console.
For a ZIP installation:
-
Navigate to
http://localhost:8080/auth/
in a browser. - Select Administration Console to access the Red Hat Single Sign-On administration console.
-
Navigate to
For an OpenShift installation:
Navigate to
OPENSHIFT_URL/console/project/rhamt/overview
in a browser.NoteIf you renamed the OpenShift project when deploying, replace
rhamt
with the name of your project.- Click the link in the SSO HTTPS application and add "/auth" to the end of the URL.
- Select Administration Console to access the Red Hat Single Sign-On administration console.
-
Log in with an administrative user’s credentials. The default credentials are
admin
andpassword
. - In the upper left corner, select the Rhamt realm from the drop down.
- From the left-side navigation menu, select Users and then click Add user.
- Enter the Username, First Name, Last Name, and any other required fields and click Save.
- Once the user has been added, select the Credentials tab.
- Enter a temporary password in the New Password and Password Confirmation fields, and leave the Temporary field set to ON.
- Click Reset Password and then click Change password in the confirmation popup.
The user is enabled by default and will be required to set a new password when they log in to the web console with this temporary password.
Revised on 2018-04-04 12:21:24 EDT