
Configure SSO - Single Sign-On using Red Hat IDM (FreeIPA)

Hello,

If you want to configure your own SSO (Single Sign-On) using FreeIPA and are interested in how it works and how to operate it, this post will help you.

Let's start:

1. First of all you have to configure Red Hat IDM, which is also known as FreeIPA. I wrote a post a few weeks ago where I explained all the steps in detail. Please Click here.. for the detailed steps.

OR copy and paste the URL below into your web browser:

2. Once the server (master) side configuration is complete, you have to configure the FreeIPA client, i.e. the client side configuration. I have written a post for this as well, where I explained all the steps in detail. Please Click here... for the detailed steps.

OR copy and paste the URL below into your web browser:

After this, let's take an example where the user rkumar tries to access client1 using ssh; client1 and client2 are both hosts enrolled in your IPA server (master).

Note: when a user logs in for the first time, the password is expired by default, so you have to reset it.

[root@client2 ~]# ssh rkumar@client1.example.com
Password:
Password expired. Change your password now.
Current Password:
New password:
Retype new password:
Creating home directory for rkumar.
-sh-4.2$

rkumar gets a shell, which means you have logged in to client1 over ssh as rkumar, but you had to enter rkumar's password.

Please log out rkumar now so that you can test the second, and more important, scenario.

-sh-4.2$ logout
Connection to client1.example.com closed.

[root@client2 ~]# kinit rkumar
Password for rkumar@EXAMPLE.COM:
[root@client2 ~]# klist
Ticket cache: KEYRING:persistent:0:0
Default principal: rkumar@EXAMPLE.COM

Valid starting       Expires              Service principal
12/24/2018 11:18:10  12/25/2018 11:18:03  krbtgt/EXAMPLE.COM@EXAMPLE.COM
[root@client2 ~]# ssh rkumar@client1.example.com
Last login: Mon Dec 24 11:17:03 2018 from 192.168.1.104
-sh-4.2$

You have logged in to client1 without a password, thanks to the Kerberos ticket held in the credential cache KEYRING:persistent:0:0.
This is not limited to SSH; it is a big deal, because with a valid ticket you can log in to every Kerberos-enabled (GSSAPI) service running on these machines.
In this example client1 is the ssh server and client2 is the ssh client.
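To confirm that a login like the one above really rides on the Kerberos ticket and does not quietly fall back to a password prompt, here is an added shell example; it is not part of the original post. It assumes that sshd on the target has GSSAPIAuthentication enabled (which ipa-client-install configures by default, an assumption here) and, so that it runs offline, it parses a constructed copy of the klist output shown above instead of calling klist; in real use, klist -s exits non-zero when no valid ticket is cached.

```shell
#!/bin/sh
# Added example, not from the original post: check the things a ticket-based
# SSH login depends on, then build an ssh command that can only succeed
# through Kerberos, so a broken SSO setup fails instead of prompting.
#
# Assumptions: sshd on the target has "GSSAPIAuthentication yes" (what
# ipa-client-install configures by default), and the user already ran kinit.

# 1. Does a klist listing contain a TGT for the given realm?
#    Real use: "klist -s" exits non-zero when no valid ticket is cached; here
#    we parse a listing passed in as text so the example runs offline.
tgt_present() {
    # $1 = klist output, $2 = Kerberos realm
    printf '%s\n' "$1" | grep -q "krbtgt/$2@$2"
}

# 2. Does an sshd_config enable GSSAPI authentication? sshd uses the first
#    value it reads for a keyword, so we look at the first uncommented line.
gssapi_enabled() {
    # $1 = path to an sshd_config file
    val=$(grep -iE '^[[:space:]]*GSSAPIAuthentication[[:space:]]+' "$1" \
            | head -n 1 | awk '{print tolower($2)}')
    [ "$val" = "yes" ]
}

# 3. Build an ssh command that disables password and public-key methods and
#    any interactive prompt: it either logs in with the ticket or fails.
sso_ssh_cmd() {
    # $1 = user, $2 = host
    printf 'ssh -o GSSAPIAuthentication=yes -o PasswordAuthentication=no -o PubkeyAuthentication=no -o BatchMode=yes %s@%s\n' "$1" "$2"
}

# --- demo on constructed data (the klist listing is copied from the post) ---
SAMPLE_KLIST='Ticket cache: KEYRING:persistent:0:0
Default principal: rkumar@EXAMPLE.COM

Valid starting       Expires              Service principal
12/24/2018 11:18:10  12/25/2018 11:18:03  krbtgt/EXAMPLE.COM@EXAMPLE.COM'

SAMPLE_SSHD=$(mktemp)
cat > "$SAMPLE_SSHD" <<'EOF'
# constructed sshd_config excerpt
#GSSAPIAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
EOF

if tgt_present "$SAMPLE_KLIST" EXAMPLE.COM; then
    echo "TGT for EXAMPLE.COM is cached"
else
    echo "no TGT cached; run: kinit rkumar"
fi
if gssapi_enabled "$SAMPLE_SSHD"; then
    echo "sshd accepts GSSAPI (Kerberos) logins"
fi
echo "run: $(sso_ssh_cmd rkumar client1.example.com)"
rm -f "$SAMPLE_SSHD"
```

The ssh options matter for the check: with PasswordAuthentication and PubkeyAuthentication turned off and BatchMode on, the only way the command can reach a shell is through the cached ticket, so a failed login tells you immediately that either the TGT is missing or GSSAPI is not enabled on the server.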

That's all: your own SSO is ready, and you can adapt it to your requirements.
