ClickCease Introducing OAuth2.0 Single Sign-On Support | tuxcare.com

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

Introducing OAuth2.0 Single Sign-On support for ePortal authentication

July 22, 2021 - TuxCare PR Team

Having a centralised identity management system is the current best practice to consolidate and enforce secure login and authorisation policies over a wide range of systems, applications and devices. It solves the problem of having separate credentials for different systems, something which is inconvenient and can lead to insecure practices like password reuse.

We are happy to announce that ePortal 1.26-1 introduces support for Single Sign-On authentication following the OAuth 2.0 standard, supported out-of-the-box by authentication providers like Google, Okta and others.

 

From an administrative perspective, centralised authentication gives better control over policies like credential expiration, multi-factor token usage and access restrictions. So, whenever an application is added to your existing infrastructure, it’s just a matter of connecting it up to the centralised identity management system, and it’s ready to use.

Like other applications, ePortal requires some configurations to be made both in the Identity Management system (to add a new application) and within ePortal itself (to connect to said Identity Management system).

For example, when connecting ePortal to use Okta, you can follow the detailed instructions found in the documentation. This basically requires you to add a new application integration through the Okta Admin Console, selecting OpenID Connect as the Sign-In method, and filling in the following fields:

  • Sign-in redirect URIs:

http(s)://eportal.domain.com/admin/sso/login/callback

 

  • Sign-out redirects URIs:

http(s)://eportal.domain.com/admin

On the ePortal side, you also need to do some configuration, as this depends on the SSO provider used. For example, with an Okta server, the following configuration would achieve the integration:

 

cat <<EOF >> /usr/share/kcare-eportal/config/local.py

OIDC_AUTH_URL=“https://dev-61641393.okta.com/oauth2/v1/authorize”
OIDC_TOKEN_URL=“https://dev-61641393.okta.com/oauth2/v1/token”
OIDC_USERINFO_URL=“https://dev-61641393.okta.com/oauth2/v1/userinfo”
OIDC_CLIENT_ID=“0Aa134lzhZKj8jDMo5d7”
OIDC_CLIENT_SECRET=“AoBNuWRLRu2dxIR3Q0btO53N1entmGxBjQqwmjVL”
EOF

 

After making this change, you will need to reboot ePortal. You can find the instructions to do so here (dependant on the operating system used):

https://docs.kernelcare.com/kernelcare-enterprise/#stopping-starting

After the service successfully starts, when you try to log in, you will be greeted by this screen:

http://eportal.domain.com/admin/login

Now you can select “Sign In with SSO” to enter.

As mentioned above, the documentation that includes more details and step-by-step instructions can be found at: https://docs.kernelcare.com/kernelcare-enterprise/#authentication-using-single-sign-on

 

As with other recent features, the OAuth 2.0 integration started as a request from one of our subscribers. If you have any special needs that you would like to see included, get in touch with us, we’re always happy to improve our services to meet your expectations better.

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Related Articles

Strategies for Managing End-of-Life Operating...

End-of-life software is just a fact of our fast-paced technology...

January 30, 2023

Think You Can’t Afford Consistent...

Look, everyone knows that it’s a tough act. Thousands of...

January 17, 2023

Common Government Cybersecurity Standards –...

The public sector, including state and federal agencies, are at...

January 16, 2023

Which Linux Distro is Best...

If your organization deploys IoT solutions, you know that development...

December 1, 2022

The Bugs Behind the Vulnerabilities...

We continue to look at the code issues that cause...

November 14, 2022

Cybersecurity insurance and fine print:...

Catastrophic risks such as natural disasters and indeed cyberattacks require...

June 29, 2022