Integration with CERB server

CERB is a complete user authorization solution that supports a number of authorization mechanisms (e.g. mobile token, one-time passwords). The following procedure describes the configuration steps required to enable Wheel Fudo PAM to verify user credentials using a CERB server.

CERB server configuration

  1. Adding RADIUS client.
  • Select RADIUS clients > Add client to add Wheel Fudo PAM as a RADIUS client.
  • Provide Wheel Fudo PAM IP address, client’s name and password and click Save.

Note

This password will be required when defining the external authorization server in the Wheel Fudo PAM administration panel.

  2. Adding user group.
  • Select Groups > Add group to define Wheel Fudo PAM users who will be authorized by the CERB server.
  • Enter group’s name (fudo_users) and click Save.
  3. Adding user.
  • Select Users > Add user to open new user definition window.
  • Provide user name, description and select desired authorization module (refer to CERB server documentation for more information on authorization modules).

Note

Username is used to authenticate users on Wheel Fudo PAM.

  • Assign user to previously created fudo_users group and click Save.
  4. Configuring service.
  • Select Services > Add service to open new service definition window.
  • Provide name identifying authorization service (cerb_fudo) and service description.
  • Add fudo_users group to service and click Add.

Wheel Fudo PAM server configuration

  1. Adding CERB external authorization server.
  • Select Settings > External authentication.
  • Click Add external authentication source to add CERB server definition.
  • Provide CERB server IP address, secret and service name identifying authorization service.

Note

The secret must match the RADIUS client password on the CERB server. The service name must match the service name on CERB.

  • Click Save.
  2. Adding user.
  • Select Management > Users.
  • Click Add.
  • Provide basic user information.

Note

Username must match the user name defined on CERB server.

  • Select CERB from the drop-down list as authorization method and select previously added authorization server.
  • Click Save.
  3. Adding connection.
  • Select Management > Connections.
  • Click Add.
  • Provide basic connection parameters.
  • Select previously defined user.
  • Select target server to enable user access within given connection.
  • Select user authorization mode (User authorization mode).
  • Click Save.