A feature that has recently landed in git main on GitHub and will be released in 2.0 is the ability to log into Zato’s web-admin using OpenID.

This lets one make use of an already existing Single Sign-On (SSO) infrastructure instead of requiring Zato admins to memorize additional credentials.

Here’s how to enable it:

• Open the config file at /path/to/web/admin/config/repo/web-admin.conf

• Change the OPENID_SSO_SERVER_URL to a URL your SSO server uses

• Stop and start the web admin

• For each user in web admin:

  • Make sure the user has been already created, let’s say it’s ‘myuser’
  • Issue the new zato update openid command, for instance

  % zato update openid /path/to/web/admin myuser https://    sso.example.com/myuser
  

OK % ```

Where

• zato update openid - the command to invoke
• /path/to/web/admin - path to web admin’s top-level directory
• myuser - username whose OpenID claimed ID should be set https://sso.example.com/myuser - claimed ID of the user

No restarts are needed after updating a given user’s credentials.

Note that enabling SSO disables regular password based authentication. To revert to the latter, set OPENID_SSO_SERVER_URL to "" and restart web admin.