Single Sign On in User Portal

Single Sign On automatically authenticates the user when logging into the User Portal.

Setting up Fudo PAM for SSO

  1. Set Fudo PAM hostname to fudo.sso.dwt.

    • Select Settings > Network configuration.
    • Switch to the Name & DNS tab.
    • Enter fudo.sso.dwt in the Hostname field.
  2. Configure Fudo PAM to use a DNS server in the sso.dwt domain.

    • Click Add DNS server to define a new DNS server.
    • Enter the DNS server IP address.
    • Click Save.
  3. Add a user that has an AD domain account.

  4. Define SSO service parameters in system settings.

    • Select Settings > System.
    • In the User portal SSO settings section, provide the service identifier that will match the user account with the service instance.
    • Upload the keytab file containing the user’s ID and the encryption keys used for encrypting and decrypting Kerberos tickets.
    • Click Save.

Setting up domain controller

  1. Add a user account that will be used by the User Portal to communicate with the sso.dwt domain.

    Note

    When adding the account, enable the Password does not expire option.

  2. On the DNS server, add forward and reverse DNS entries for fudo.sso.dwt.

  3. Create a Kerberos keytab file for Fudo PAM by running the following command in the PowerShell or CMD console:

ktpass -princ HTTP/fudo.sso.dwt@SSO.DWT -mapuser sso\username -pass password. -ptype KRB5_NT_PRINCIPAL -out fudo.sso.dwt.keytab
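
A check that can be run on the generated keytab before it is uploaded to Fudo PAM, given here as an added example (not part of the Fudo PAM documentation or product). It assumes the file uses the MIT keytab layout, version 0x0502, and reports a missing HTTP/fudo.sso.dwt@SSO.DWT entry, a name type other than KRB5_NT_PRINCIPAL, or DES/RC4 keys; the function names and the sample keytab are constructed for illustration.

```python
import struct

# Deprecated Kerberos encryption types (DES, RC4) by enctype number.
WEAK = {1: "des-cbc-crc", 3: "des-cbc-md5", 23: "rc4-hmac"}

def _counted(data, p):  # read a 16-bit length-prefixed string -> (bytes, next offset)
    (n,) = struct.unpack_from(">H", data, p)
    return data[p + 2:p + 2 + n], p + 2 + n

def parse_keytab(data):
    """Parse a version 0x0502 keytab; key material is read past, never returned."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        start, pos = pos + 4, pos + 4 + abs(size)
        if size <= 0:                      # negative size marks a deleted entry
            continue
        (ncomp,) = struct.unpack_from(">H", data, start)
        realm, p = _counted(data, start + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = _counted(data, p)
            comps.append(comp.decode())
        name_type, _ts, kvno, enctype = struct.unpack_from(">IIBH", data, p)
        _key, p = _counted(data, p + 11)
        if pos - p >= 4:                   # optional 32-bit kvno; nonzero overrides 8-bit
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append({"principal": "/".join(comps) + "@" + realm.decode(),
                        "name_type": name_type, "kvno": kvno, "enctype": enctype})
    return entries

def check_keytab(data, principal):
    """Return a list of problems; an empty list means the keytab matches expectations."""
    mine = [e for e in parse_keytab(data) if e["principal"] == principal]
    problems = [] if mine else ["no entry for " + principal]
    for e in mine:
        if e["name_type"] != 1:            # 1 = KRB5_NT_PRINCIPAL, as set with -ptype
            problems.append("unexpected name type %d" % e["name_type"])
        if e["enctype"] in WEAK:
            problems.append("weak enctype " + WEAK[e["enctype"]])
    return problems

def sample_keytab(enctype, key_len):  # CONSTRUCTED single-entry keytab, all-zero key
    s = lambda b: struct.pack(">H", len(b)) + b
    body = (struct.pack(">H", 2) + s(b"SSO.DWT") + s(b"HTTP") + s(b"fudo.sso.dwt")
            + struct.pack(">IIBH", 1, 0, 3, enctype) + s(bytes(key_len)) + struct.pack(">I", 3))
    return b"\x05\x02" + struct.pack(">i", len(body)) + body
```

To check a real file, pass open("fudo.sso.dwt.keytab", "rb").read() and "HTTP/fudo.sso.dwt@SSO.DWT" to check_keytab. The keytab holds the service account's long-term keys, so store and transfer it with the same care as the account password.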


Setting up user workstations

  1. Log in using the credentials of a user that will be connecting to servers through the User Portal.
  2. Launch Internet Explorer.
  3. Open the Internet options settings window.
  4. Switch to the Security tab.
  5. Select the Local intranet option and click Sites.
  6. Click Advanced.
  7. Add the User Portal address: fudo.sso.dwt.
  8. Close the settings window.
