Questo contenuto non è disponibile nella lingua selezionata.

Chapter 122. Configuring Single Sign-On for the RHEL 8 web console in the IdM domain


You can use Single Sign-on (SSO) authentication provided by Identity Management (IdM) in the RHEL 8 web console to leverage the following advantages:

  • IdM domain administrators can use the RHEL 8 web console to manage local machines.
  • Users with a Kerberos ticket in the IdM domain do not need to provide login credentials to access the web console.
  • All hosts known to the IdM domain are accessible via SSH from the local instance of the RHEL 8 web console.
  • Certificate configuration is not necessary. The console’s web server automatically switches to a certificate issued by the IdM certificate authority and accepted by browsers.

Configuring SSO for logging into the RHEL web console requires to:

  1. Add machines to the IdM domain using the RHEL 8 web console.
  2. If you want to use Kerberos for authentication, you must obtain a Kerberos ticket on your machine.
  3. Allow administrators on the IdM server to run any command on any host.

Prerequisites

122.1. Joining a RHEL 8 system to an IdM domain using the web console

You can use the web console to join the Red Hat Enterprise Linux 8 system to the Identity Management (IdM) domain.

Prerequisites

  • The IdM domain is running and reachable from the client you want to join.
  • You have the IdM domain administrator credentials.

Procedure

  1. Log in to the RHEL 8 web console.

    For details, see Logging in to the web console.

  2. In the Configuration field of the Overview tab click Join Domain.
  3. In the Join a Domain dialog box, enter the host name of the IdM server in the Domain Address field.
  4. In the Domain administrator name field, enter the user name of the IdM administration account.
  5. In the Domain administrator password, add a password.
  6. Click Join.

Verification

  1. If the RHEL 8 web console did not display an error, the system has been joined to the IdM domain and you can see the domain name in the System screen.
  2. To verify that the user is a member of the domain, click the Terminal page and type the id command:

    $ id
    euid=548800004(example_user) gid=548800004(example_user) groups=548800004(example_user) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

122.2. Logging in to the web console using Kerberos authentication

Configure the RHEL 8 system to use Kerberos authentication.

Important

With SSO, you usually do not have any administrative privileges in the web console. This only works if you configure passwordless sudo. The web console does not interactively ask for a sudo password.

Prerequisites

  • You have installed the RHEL 8 web console.

    For instructions, see Installing and enabling the web console.

  • If the system does not use a Kerberos ticket managed by the SSSD client, request the ticket with the kinit utility manually.

Procedure

  • Log in to the RHEL web console by entering the following URL in your web browser:

     https://<dns_name>:9090

    A screenshot of the web console with a menu in a column along the left that has the following buttons: System - Logs - Storage - Networking - Accounts - Services - Applications - Diagnostic Reports - Kernel Dump - SELinux. The "System" option has been chosen and displays details for the system such as Hardware - Machine ID - Operating system - Secure Shell Keys - Hostname - and others. 3 graphs display usage of CPUs over time - use of Memory and Swap over time - and Disk I/O over time.

    At this point, you are successfully connected to the RHEL web console and you can start with configuration.

Red Hat logoGithubRedditYoutubeTwitter

Formazione

Prova, acquista e vendi

Community

Informazioni sulla documentazione di Red Hat

Aiutiamo gli utenti Red Hat a innovarsi e raggiungere i propri obiettivi con i nostri prodotti e servizi grazie a contenuti di cui possono fidarsi.

Rendiamo l’open source più inclusivo

Red Hat si impegna a sostituire il linguaggio problematico nel codice, nella documentazione e nelle proprietà web. Per maggiori dettagli, visita ilBlog di Red Hat.

Informazioni su Red Hat

Forniamo soluzioni consolidate che rendono più semplice per le aziende lavorare su piattaforme e ambienti diversi, dal datacenter centrale all'edge della rete.

© 2024 Red Hat, Inc.