July 22, 2021 - TuxCare PR Team
Having a centralised identity management system is the current best practice to consolidate and enforce secure login and authorisation policies over a wide range of systems, applications and devices. It solves the problem of having separate credentials for different systems, something which is inconvenient and can lead to insecure practices like password reuse.
We are happy to announce that ePortal 1.26-1 introduces support for Single Sign-On authentication following the OAuth 2.0 standard, supported out-of-the-box by authentication providers like Google, Okta and others.
From an administrative perspective, centralised authentication gives better control over policies like credential expiration, multi-factor token usage and access restrictions. So, whenever an application is added to your existing infrastructure, it’s just a matter of connecting it up to the centralised identity management system, and it’s ready to use.
Like other applications, ePortal requires some configurations to be made both in the Identity Management system (to add a new application) and within ePortal itself (to connect to said Identity Management system).
For example, when connecting ePortal to use Okta, you can follow the detailed instructions found in the documentation. This basically requires you to add a new application integration through the Okta Admin Console, selecting OpenID Connect as the Sign-In method, and filling in the following fields:
http(s)://eportal.domain.com/admin/sso/login/callback
http(s)://eportal.domain.com/admin
On the ePortal side, the configuration you need depends on the SSO provider used. For example, with an Okta server, the following configuration would achieve the integration:
# The quoted 'EOF' keeps the shell from expanding $ or backticks inside the values.
cat <<'EOF' >> /usr/share/kcare-eportal/config/local.py
OIDC_AUTH_URL="https://dev-61641393.okta.com/oauth2/v1/authorize"
OIDC_TOKEN_URL="https://dev-61641393.okta.com/oauth2/v1/token"
OIDC_USERINFO_URL="https://dev-61641393.okta.com/oauth2/v1/userinfo"
OIDC_CLIENT_ID="0Aa134lzhZKj8jDMo5d7"
OIDC_CLIENT_SECRET="AoBNuWRLRu2dxIR3Q0btO53N1entmGxBjQqwmjVL"
EOF
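A check of the OIDC settings appended to local.py, as an added example that is not part of the original post or of ePortal itself. The function names (read_settings, audit, audit_text) are hypothetical, and the https requirement and the world-readable check are this example's assumptions about a sensible baseline, not documented ePortal requirements.

```python
import ast
import stat
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

URL_KEYS = ("OIDC_AUTH_URL", "OIDC_TOKEN_URL", "OIDC_USERINFO_URL")
REQUIRED = URL_KEYS + ("OIDC_CLIENT_ID", "OIDC_CLIENT_SECRET")

# Constructed sample input (placeholder host and client ID, not real values).
SAMPLE = '''OIDC_AUTH_URL="https://idp.example.com/oauth2/v1/authorize"
OIDC_TOKEN_URL="http://idp.example.com/oauth2/v1/token"
OIDC_USERINFO_URL="https://idp.example.com/oauth2/v1/userinfo"
OIDC_CLIENT_ID="example-client-id"
'''

def read_settings(path):
    """Collect NAME = "string" assignments via the AST, without executing the file."""
    tree = ast.parse(Path(path).read_text(encoding="utf-8"))
    return {n.targets[0].id: n.value.value for n in tree.body
            if isinstance(n, ast.Assign) and len(n.targets) == 1
            and isinstance(n.targets[0], ast.Name)
            and isinstance(n.value, ast.Constant) and isinstance(n.value.value, str)}

def audit(path):
    """Return a list of findings for the OIDC settings in an ePortal-style local.py."""
    try:
        cfg = read_settings(path)
    except SyntaxError as exc:  # e.g. curly quotes pasted from a web page
        return [f"not valid Python: {exc.msg}"]
    findings = [f"{k} is missing or empty" for k in REQUIRED if not cfg.get(k)]
    for key in URL_KEYS:
        url = urlsplit(cfg.get(key, ""))
        if cfg.get(key) and (url.scheme != "https" or not url.hostname):
            findings.append(f"{key} is not an absolute https URL")
    if Path(path).stat().st_mode & stat.S_IROTH:  # assumption: others need no access
        findings.append("file is world-readable; it stores the OIDC client secret")
    return findings

def audit_text(text, mode=0o600):
    """Write text to a temporary local.py with the given mode and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp, "local.py")
        path.write_text(text, encoding="utf-8")
        path.chmod(mode)
        return audit(path)

if __name__ == "__main__":
    print("\n".join(audit_text(SAMPLE, mode=0o644)))
```

On a real host, call audit() with the path of the local.py you edited, before restarting the service.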
After making this change, you will need to restart ePortal. You can find the instructions to do so here (dependent on the operating system used):
https://docs.kernelcare.com/kernelcare-enterprise/#stopping-starting
After the service successfully starts, when you try to log in, you will be greeted by this screen:
http://eportal.domain.com/admin/login
Now you can select “Sign In with SSO” to enter.
As mentioned above, the documentation that includes more details and step-by-step instructions can be found at: https://docs.kernelcare.com/kernelcare-enterprise/#authentication-using-single-sign-on
As with other recent features, the OAuth 2.0 integration started as a request from one of our subscribers. If you have any special needs that you would like to see included, get in touch with us. We’re always happy to improve our services to meet your expectations better.