SSO in web admin using OpenID
This lets one make use of an already existing Single Sign-On (SSO) infrastructure instead of requiring Zato admins to memorize additional credentials.
Here's how to enable it:
Open the config file at /path/to/web/admin/config/repo/web-admin.conf
Change the OPENID_SSO_SERVER_URL to a URL your SSO server uses
For each user in web admin:
- Make sure the user has been already created, let's say it's 'myuser'
- Issue the new zato update openid command, for instance
% zato update openid /path/to/web/admin myuser https://sso.example.com/myuser OK %
- zato update openid - the command to invoke
- /path/to/web/admin - path to web admin's top-level directory
- myuser - username whose OpenID claimed ID should be set
- https://sso.example.com/myuser - claimed ID of the user
No restarts are needed after updating a given user's credentials.
Note that enabling SSO disables regular password based authentication. To revert to the latter, set OPENID_SSO_SERVER_URL to "" and restart web admin.Comments powered by Disqus