红帽全球峰会此内容没有您所选择的语言版本。
Chapter 2. Single Sign On for Admin Portal
This guide provides information about how to configure and use single sign on with the 3scale admin portal
3scale supports single sign on (SS0) authentication for your members and admins.
The admin portal supports the following SSO providers, each which support a number of identity brokering and member federation options:
You can enable multiple SSO member authentication types
Only users that have been added to RH SSO or Auth0 will be able to access your 3scale admin portal through SSO. If you want to further restrict the access by either roles or user groups you should refer to the corresponding step by step tutorials on the RH SSO or Auth0 support portals.
Once you have established SSO through your chosen provider, you must configure it and enable it on the 3scale admin portal.
2.1.1. RH SSO Prerequisites
- An RH SSO instance and realm configured as described under the Configuring Red Hat Single Sign-On section of the developer portal documentation
2.1.2. Auth0 Prerequisites
- An Auth0 Subscription and account
2.1.3. Enable SSO
As an administrator, perform the following steps in the 3scale admin panel to enable RH SSO or Auth0:
- Ensure your preferred SSO provider, highlighted in the prerequisites, has been properly configured
Navigate to SSO Integrations in the Account Settings:
- Click the gear icon in the upper right corner of the page
- Navigate to Account Settings (gear icon) > Users > SSO Integrations, and click New SSO Integration.
- Select your SSO provider from the dropdown list
Enter the required information, provided when you configured your SSO:
- Client
- Client Secret
- Realm or Site
- Click Create Authentication Provider
If, during testing, you encounter a callback URL mismatch, add the callback URL shown in the error message to your Auth0 allowed callback URLs.
2.2. Step 2: Using SSO with 3scale
Once you have configured SSO, members can sign on using the account credentials in connected IdPs.
Follow these steps to log in to the 3scale Admin portal using SSO:
Navigate to your 3scale login page:
https://<organization>-admin.3scale.net/p/login
https://<organization>-admin.3scale.net/p/loginCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Authorize 3scale with your IdP
- If necessary, complete sign up by entering any needed information
Once you successfully sign up, you will have a member account under the API provider organization, and you will be automatically logged in.
These steps will show the 3scale API Management administrator how to redirect to an Identity Provider (IdP) login screen (RH SSO). Complete these steps and your 3scale account will be accessible through an optional single sign-on (SSO) login page.
2.3.1. Prerequisites
- 3scale 2.4
- An RH SSO instance and realm configured as described under the Configuring Red Hat Single Sign-On section of the Developer Portal documentation.
Before you can integrate RH SSO with 3scale, you must have a working RH SSO instance. Refer to the RH SSO documentation for installation instructions: Installing RH-SSO 7.2.
2.3.2. Required Steps
- Access and follow the instructions for setting up RH SSO under the Single Sign On for Admin Portal section of the Red Hat 3scale API Management documentation.
Provide your RH SSO administrator with your 3scale URL. The URL will form the basis for a redirect within RH SSO for your secure logon.
https://<organization>-admin.3scale.net/auth/<system_name>/bounce
https://<organization>-admin.3scale.net/auth/<system_name>/bounceCopy to Clipboard Copied! Toggle word wrap Toggle overflow The system_name assumes RH SSO has been used as the SSO provider in your 3scale instance with an id of rhsso:
https://<organization>-admin.3scale.net/auth/rhsso/bounce
https://<organization>-admin.3scale.net/auth/rhsso/bounceCopy to Clipboard Copied! Toggle word wrap Toggle overflow To get the id in your 3scale instance navigate to:
https://<organization>.3scale.net/p/admin/account/authentication_providers/<ID>
https://<organization>.3scale.net/p/admin/account/authentication_providers/<ID>Copy to Clipboard Copied! Toggle word wrap Toggle overflow You will see:
The Callback URL
https://<organization>.3scale.net/auth/keycloak_0123456aaaaa/callback
https://<organization>.3scale.net/auth/keycloak_0123456aaaaa/callbackCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Where keycloak_0123456aaaaa is the system name and is used in the bounce URL.
- Navigate to the new RH SSO URL and securely log in to your 3scale account.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}