Chapter 4. Configuring authentication for the web console

You can configure the web console to require authentication, which is handled by Red Hat Single Sign-On. When enabled, users will be required to authenticate before being granted access to the web console.

The following steps are recommended when configuring authentication for the web console.

  1. Enable authentication for the web console.

    Note

    If you have installed the web console on OpenShift, authentication is already enabled and cannot be disabled.

  2. Change the administrative user’s credentials.
  3. Remove the default web console user.
  4. Add web console users.

4.1. Enabling authentication for the web console

Note

If you have installed the web console on OpenShift, authentication is already enabled and cannot be disabled.

Run the following script to require users to log in before accessing the web console. This script configures the Red Hat Single Sign-On login page to require users to authenticate before granting access to the web console.

$ <MTA_HOME>/switch_to_authentication_required.sh

Note

In a Windows environment, use the switch_to_authentication_required.bat script.

Now, whenever you start the web console, users will be required to authenticate to access it.

4.2. Changing the administrative user’s credentials

When you enable authentication for the web console, a default administrative user is provided with the username admin and password password. You should change this password so that only authorized users can make further changes to web console users.

Follow these steps to change the default administrative user’s password.

  1. Make sure that the web console is running.
  2. Open the Red Hat Single Sign-On administration console.

    • For a .zip installation:

      1. Navigate to http://localhost:8080/auth/ in a browser.
      2. Select Administration Console to access the Red Hat Single Sign-On administration console.
    • For an OpenShift installation:

      1. Navigate to <OPENSHIFT_URL>/console/project/mta/overview in a browser.

        Note

        If you renamed the OpenShift project when deploying, replace mta with the name of your project.

      2. Click the link in the SSO HTTPS application and add "/auth" to the end of the URL.
      3. Select Administration Console to access the Red Hat Single Sign-On administration console.
  3. Log in with the default credentials of admin and password.
  4. In the upper left corner, select the Master realm from the drop-down list.
  5. In the left-side navigation menu, select Users and then click View all users.
  6. From the admin user’s row, click Edit.
  7. Select the Credentials tab.
  8. Enter the new password in the New Password and Password Confirmation fields.
  9. Change the Temporary field to OFF so that the user is not required to change the password upon next login.
  10. Click Reset Password and then click Change password in the popup.

You can also remove this default administrative user completely and create your own administrative users. However, be sure to add the new users before removing the default user.

4.3. Removing the default web console user

A default web console user is provided with the web console with the username mta and password password. When you enable authentication for the web console, you should remove this user so that the web console can only be accessed by authorized users.

Follow these steps to remove the default web console user.

  1. Make sure that the web console is running.
  2. Open the Red Hat Single Sign-On administration console.

    • For a .zip installation:

      1. Navigate to http://localhost:8080/auth/ in a browser.
      2. Select Administration Console to access the Red Hat Single Sign-On administration console.
    • For an OpenShift installation:

      1. Navigate to <OPENSHIFT_URL>/console/project/mta/overview in a browser.

        Note

        If you renamed the OpenShift project when deploying, replace mta with the name of your project.

      2. Click the link in the SSO HTTPS application and add "/auth" to the end of the URL.
      3. Select Administration Console to access the Red Hat Single Sign-On administration console.
  3. Log in with an administrative user’s credentials. The default credentials are admin and password.
  4. In the upper left corner, select the mta realm from the drop-down list.
  5. From the left-side navigation menu, select Users and then click View all users.
  6. From the mta user’s row, click Delete and confirm.
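
To confirm that the procedures in 4.2 and 4.3 took effect, check that neither default login can still obtain a token. The following Python script is an added example, not part of the product documentation; it assumes the standard Red Hat Single Sign-On token endpoint under the /auth URL used above and that the built-in admin-cli client still allows direct password grants in both realms.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Default accounts named in sections 4.2 and 4.3: (realm, username, password).
DEFAULT_ACCOUNTS = [("master", "admin", "password"), ("mta", "mta", "password")]


def http_post_form(url, fields, timeout=10):
    """POST form fields; return (status, body) without raising on 4xx/5xx."""
    data = urllib.parse.urlencode(fields).encode()
    try:
        with urllib.request.urlopen(url, data=data, timeout=timeout) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


def login_accepted(base_url, realm, username, password, post=http_post_form):
    """True if the realm issues a token, False if it answers invalid_grant."""
    url = f"{base_url.rstrip('/')}/realms/{realm}/protocol/openid-connect/token"
    # Assumption: the built-in admin-cli client exists with direct grants enabled.
    form = {"grant_type": "password", "client_id": "admin-cli",
            "username": username, "password": password}
    status, body = post(url, form)
    try:
        reply = json.loads(body)
    except ValueError:
        reply = {}
    if status == 200 and "access_token" in reply:
        return True
    if reply.get("error") == "invalid_grant":
        return False  # wrong password, or the user no longer exists
    # Anything else (client disabled, wrong URL, realm missing) proves nothing.
    raise RuntimeError(f"inconclusive: HTTP {status} {reply.get('error')} at {url}")


def audit_defaults(base_url, post=http_post_form):
    """Return the (realm, username) pairs whose default password still works."""
    return [(realm, user) for realm, user, pw in DEFAULT_ACCOUNTS
            if login_accepted(base_url, realm, user, pw, post)]


if __name__ == "__main__":
    remaining = audit_defaults("http://localhost:8080/auth")
    for realm, user in remaining:
        print(f"FAIL: default login {user!r} still accepted in realm {realm!r}")
    raise SystemExit(1 if remaining else 0)
```

The script exits non-zero while any default login is still accepted, so it can gate a deployment checklist. For an OpenShift installation, pass the SSO HTTPS application URL with /auth appended instead of the localhost address.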

4.4. Adding a web console user

When authentication is enabled for the web console, administrators will need to add users so that they can access the web console.

Follow these steps to add a new web console user.

  1. Make sure that the web console is running.
  2. Open the Red Hat Single Sign-On administration console.

    • For a .zip installation:

      1. Navigate to http://localhost:8080/auth/ in a browser.
      2. Select Administration Console to access the Red Hat Single Sign-On administration console.
    • For an OpenShift installation:

      1. Navigate to <OPENSHIFT_URL>/console/project/mta/overview in a browser.

        Note

        If you renamed the OpenShift project when deploying, replace mta with the name of your project.

      2. Click the link in the SSO HTTPS application and add "/auth" to the end of the URL.
      3. Select Administration Console to access the Red Hat Single Sign-On administration console.
  3. Log in with an administrative user’s credentials. The default credentials are admin and password.
  4. In the upper left corner, select the mta realm from the drop-down list.
  5. From the left-side navigation menu, select Users and then click Add user.
  6. Enter the Username, First Name, Last Name, and any other required fields and click Save.
  7. Once the user has been added, select the Credentials tab.
  8. Enter a temporary password in the New Password and Password Confirmation fields, and leave the Temporary field set to ON.
  9. Click Reset Password and then click Change password in the confirmation popup.

The user is enabled by default and will be required to set a new password when they log in to the web console with this temporary password.





Revised on 2021-08-02 12:16:55 UTC