8.7. Integrating with External Single Sign-on (SSO) Providers

Procedure 8.21. To Install and Configure the SSO Plug-in:

1. On the broker host, install the rubygem-openshift-origin-sso-activemq package:

   # yum install rubygem-openshift-origin-sso-activemq

   Copy to Clipboard Toggle word wrap
2. Before enabling this plug-in, you must add a new user, topic, and queue to ActiveMQ. Edit the /etc/activemq/activemq.xml file and add the following user in the appropriate section:

   <authenticationUser username="ssoinfo" password="ssoinfopasswd" groups="ssoinfo,everyone"/>

   Copy to Clipboard Toggle word wrap
   Also add the following topic and queue to the appropriate sections:

   <authorizationEntry topic="ssoinfo.>" write="ssoinfo" read="ssoinfo" admin="ssoinfo" />
   <authorizationEntry queue="ssoinfo.>" write="ssoinfo" read="ssoinfo" admin="ssoinfo" />

   Copy to Clipboard Toggle word wrap
3. Restart ActiveMQ:

   # service activemq restart

   Copy to Clipboard Toggle word wrap
4. To enable the plug-in, copy the /etc/openshift/plugins.d/openshift-origin-sso-activemq.conf.example file to /etc/openshift/plugins.d/openshift-origin-sso-activemq.conf on the broker host:

   # cp /etc/openshift/plugins.d/openshift-origin-sso-activemq.conf.example \ /etc/openshift/plugins.d/openshift-origin-sso-activemq.conf

   Copy to Clipboard Toggle word wrap
5. In the /etc/openshift/plugins.d/openshift-origin-sso-activemq.conf file you just created, uncomment the last line specifying the /opt/rh/ruby193/root/etc/mcollective/client.cfg file:

   MCOLLECTIVE_CONFIG="/opt/rh/ruby193/root/etc/mcollective/client.cfg"

   Copy to Clipboard Toggle word wrap
   Alternatively, edit the values for the ACTIVE_* parameters with the appropriate information for your environment.
6. Restart the broker service for your changes take effect:

   # service openshift-broker restart

   Copy to Clipboard Toggle word wrap
7. Create a listener that will connect to ActiveMQ on the new topic that was added. The listener can be run on any system that can connect to the ActiveMQ server. The following is an example that simply echoes any messages received:

   #!/usr/bin/ruby
   
   require 'rubygems'
   require 'stomp'
   require 'yaml'
   
   c = Stomp::Client.new("ssoinfo", "ssoinfopasswd", "127.0.0.1", 61613)
   puts "Got stomp client, listening for messages on '/topic/ssoinfo':"
   c.subscribe('/topic/ssoinfo') { |msg|
           h = YAML.load(msg.body)
           puts "Message received: "
   	puts h.inspect
   }
   c.join

   Copy to Clipboard Toggle word wrap
8. Save and run your listener script. For example, if the script was saved at /root/listener.rb:

   # ruby /root/listener.rb

   Copy to Clipboard Toggle word wrap
9. To verify that the plug-in and listener are working, perform several application actions with the client tools or Management Console using a test user account. For example, create an application, add an alias, remove an alias, and remove the application. You should see messages reported by the listener script for each action performed.