SSO in web admin using OpenID
A feature that has recently landed in git main on GitHub and will be released in 2.0 is the ability to log into Zato’s web-admin using OpenID.
This lets one make use of an already existing Single Sign-On (SSO) infrastructure instead of requiring Zato admins to memorize additional credentials.
Here’s how to enable it:
- Open the config file at /path/to/web/admin/config/repo/web-admin.conf
- Change the OPENID_SSO_SERVER_URL to a URL your SSO server uses
- For each user in web admin:
  - Make sure the user has already been created, let’s say it’s ‘myuser’
  - Issue the new zato update openid command, for instance:

```
% zato update openid /path/to/web/admin myuser https://sso.example.com/myuser
OK
%
```
Where
- zato update openid - the command to invoke
- /path/to/web/admin - path to web admin’s top-level directory
- myuser - username whose OpenID claimed ID should be set
- https://sso.example.com/myuser - claimed ID of the user
No restarts are needed after updating a given user’s credentials.
Note that enabling SSO disables regular password-based authentication. To revert to the latter, set OPENID_SSO_SERVER_URL to "" and restart web admin.