A feature that has recently landed in git main on GitHub and will be released in 2.0 is the ability to log into Zato’s web-admin using OpenID.

This lets one make use of an already existing Single Sign-On (SSO) infrastructure instead of requiring Zato admins to memorize additional credentials.

Here’s how to enable it:

  • Open the config file at /path/to/web/admin/config/repo/web-admin.conf

  • Change the OPENID_SSO_SERVER_URL to a URL your SSO server uses

  • Stop and start the web admin

  • For each user in web admin:

    • Make sure the user has been already created, let’s say it’s ‘myuser’
    • Issue the new zato update openid command, for instance
    % zato update openid /path/to/web/admin myuser https://    sso.example.com/myuser

OK % ```


  • zato update openid - the command to invoke
  • /path/to/web/admin - path to web admin’s top-level directory
  • myuser - username whose OpenID claimed ID should be set https://sso.example.com/myuser - claimed ID of the user

No restarts are needed after updating a given user’s credentials.

Note that enabling SSO disables regular password based authentication. To revert to the latter, set OPENID_SSO_SERVER_URL to "" and restart web admin.