
Configure SSO - Single Sign-On using Red Hat IDM (FreeIPA)

Hello,

If you want to configure your own SSO (Single Sign-On) using FreeIPA and are interested in knowing more about how it works and operates, this post will help you a lot.

Let's start:

1. First of all you have to configure Red Hat IDM, which is also known as FreeIPA. For this I wrote a post a few weeks ago, where I explained all the steps in detail. Please click here for the detailed steps.

Or copy and paste the URL below into your web browser:

2. Once the master-side configuration has been completed, you have to configure the FreeIPA client (the client-side configuration). I have written a post for this as well, where I explained all the steps in detail. Please click here for the detailed steps.

Or copy and paste the URL below into your web browser:

After this, let's take an example where the user rkumar tries to access client1 using ssh; client1 and client2 are both enrolled hosts of your IPA master.

Note: When a user logs in for the first time, the initial password is already expired by default, so the user has to reset it before getting a shell.

[root@client2 ~]# ssh rkumar@client1.example.com
Password:
Password expired. Change your password now.
Current Password:
New password:
Retype new password:
Creating home directory for rkumar.
-sh-4.2$
rkumar getting a shell means you have logged in to client1 over ssh as user rkumar, but you had to enter rkumar's password to do so.

Please log out rkumar for now so that you can test the second, and more important, scenario.
-sh-4.2$ logout
Connection to client1.example.com closed.

[root@client2 ~]# kinit rkumar
Password for rkumar@EXAMPLE.COM:
[root@client2 ~]# klist
Ticket cache: KEYRING:persistent:0:0
Default principal: rkumar@EXAMPLE.COM

Valid starting       Expires              Service principal
12/24/2018 11:18:10  12/25/2018 11:18:03  krbtgt/EXAMPLE.COM@EXAMPLE.COM
[root@client2 ~]# ssh rkumar@client1.example.com
Last login: Mon Dec 24 11:17:03 2018 from 192.168.1.104
-sh-4.2$

You have logged in to client1 without a password, with the help of the Kerberos ticket cache (Ticket cache: KEYRING:persistent:0:0) that kinit populated on client2: ssh presents the ticket to client1 instead of prompting for a password.
This is not only the case with SSH; it is a big deal, because with the same ticket you can log in to any other Kerberos-aware protocol running on these machines.
In this example client1 is the ssh server for client2.
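To see what the second scenario depends on, here is an added example (not code from the original post) that checks the two preconditions behind the password-less login: a valid ticket-granting ticket (krbtgt) in the cache on the client, and GSSAPIAuthentication enabled in sshd_config on the server. The klist output and the sshd_config fragment below are constructed samples in the same format the post shows, so the script runs offline; on a real client you would feed it live klist output and the real config file as noted at the bottom.

```shell
#!/bin/sh
# Added example, not from the original post: verify the pieces behind the
# password-less ssh login shown above, using constructed sample text.

# Constructed sample of `klist` output, in the same format the post shows.
SAMPLE_KLIST='Ticket cache: KEYRING:persistent:0:0
Default principal: rkumar@EXAMPLE.COM

Valid starting       Expires              Service principal
12/24/2018 11:18:10  12/25/2018 11:18:03  krbtgt/EXAMPLE.COM@EXAMPLE.COM'

# Constructed fragment of an sshd_config as ipa-client-install leaves it.
SAMPLE_SSHD_CONFIG='# /etc/ssh/sshd_config (constructed sample)
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
PasswordAuthentication yes'

# to_sortable "MM/DD/YYYY" "HH:MM:SS" -> YYYYMMDDHHMMSS, so klist timestamps
# can be compared numerically without relying on GNU date extensions.
to_sortable() {
  printf '%s\n' "$1 $2" |
    awk -F'[/ :]' '{ printf "%04d%02d%02d%02d%02d%02d\n", $3, $1, $2, $4, $5, $6 }'
}

# tgt_valid REALM NOW   (klist output on stdin)
# Succeeds only if the cache holds a ticket-granting ticket for REALM whose
# validity window contains NOW (a YYYYMMDDHHMMSS value).
tgt_valid() {
  realm="$1"; now="$2"
  line=$(grep -F "krbtgt/$realm@$realm" | head -n 1)
  [ -n "$line" ] || return 1        # no TGT at all: kinit has not been run
  set -- $line                      # $1 $2 = start, $3 $4 = expiry, $5 = principal
  start=$(to_sortable "$1" "$2")
  expiry=$(to_sortable "$3" "$4")
  awk -v n="$now" -v s="$start" -v e="$expiry" 'BEGIN { exit !(n >= s && n < e) }'
}

# gssapi_enabled   (sshd_config or ssh_config text on stdin)
# sshd uses the first value it sees for a keyword, so stop at the first match.
gssapi_enabled() {
  awk 'tolower($1) == "gssapiauthentication" { found = 1; val = tolower($2); exit }
       END { exit !(found && val == "yes") }'
}

# Demo: a "now" inside the sample ticket's validity window, then one after it.
NOW_INSIDE=$(to_sortable 12/24/2018 12:00:00)
NOW_AFTER=$(to_sortable 12/26/2018 09:00:00)
if printf '%s\n' "$SAMPLE_KLIST" | tgt_valid EXAMPLE.COM "$NOW_INSIDE"; then
  echo "TGT valid at $NOW_INSIDE: ssh to client1 can use the ticket, no password prompt"
fi
if ! printf '%s\n' "$SAMPLE_KLIST" | tgt_valid EXAMPLE.COM "$NOW_AFTER"; then
  echo "TGT expired at $NOW_AFTER: ssh falls back to a password prompt, run kinit again"
fi
if printf '%s\n' "$SAMPLE_SSHD_CONFIG" | gssapi_enabled; then
  echo "sshd accepts GSSAPI (Kerberos) authentication"
fi

# On a real client, replace the samples with live data:
#   klist | tgt_valid EXAMPLE.COM "$(date +%Y%m%d%H%M%S)"
#   gssapi_enabled < /etc/ssh/sshd_config
```

If the first check fails you will get the password prompt from the first scenario even though enrollment is fine; if the second fails, a valid ticket is never offered because sshd does not advertise the gssapi-with-mic method. ipa-client-install enables GSSAPIAuthentication in both sshd_config and the client's ssh_config by default, so a "no" here usually means someone changed the file afterwards.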

That's all: your own SSO is ready, and you can adapt it to your requirements.
