Red Hat Training

A Red Hat training course is available for Red Hat Application Migration Toolkit

Chapter 5. Configuring Authentication for the Web Console

You can configure the web console to require authentication, which is handled by Red Hat Single Sign-On. When enabled, users will be required to authenticate before being granted access to the web console.

It is recommended to complete the following steps to configure authentication for the web console.

5.1. Enable Authentication for Web Console

Note

If you have installed web console on OpenShift, authentication is already enabled and cannot be disabled.

Run the following script to require users to log in before accessing the web console. This script configures the Red Hat Single Sign-On login page to require users to authenticate before granting access to the web console.

$ RHAMT_HOME/switch_to_authentication_required.sh
Note

In a Windows environment, use the switch_to_authentication_required.bat script.

Now, whenever you start the web console, users will be required to authenticate to access it.

5.2. Change the Administrative User’s Credentials

When you enable authentication for the web console, a default administrative user is provided with the username admin and password password. You should change this password so that only those that are authorized can make further changes to web console users.

Follow these steps to change the default administrative user’s password.

  1. Make sure that the web console is running.
  2. Open the Red Hat Single Sign-On administration console.

    • For a ZIP installation:

      1. Navigate to http://localhost:8080/auth/ in a browser.
      2. Select Administration Console to access the Red Hat Single Sign-On administration console.
    • For an OpenShift installation:

      1. Navigate to OPENSHIFT_URL/console/project/rhamt/overview in a browser.

        Note

        If you renamed the OpenShift project when deploying, replace rhamt with the name of your project.

      2. Click the link in the SSO HTTPS application and add "/auth" to the end of the URL.
      3. Select Administration Console to access the Red Hat Single Sign-On administration console.
  3. Log in with the default credentials of admin and password.
  4. In the upper left corner, select the Master realm from the drop down.
  5. In the left-side navigation menu, select Users and then click View all users.
  6. From the admin user’s row, click Edit.
  7. Select the Credentials tab.
  8. Enter the new password in the New Password and Password Confirmation fields.
  9. Change the Temporary field to OFF to not require the user to change the password upon next login.
  10. Click Reset Password and then click Change password in the popup.

You can also remove this default administrative user completely and create your own administrative users. However, be sure to add the new users before removing the default user.

5.3. Remove the Default Web Console User

A default web console user is provided with the web console with the username rhamt and password password. When you enable authentication for the web console, you should remove this user so that the web console can only be accessed by authorized users.

Follow these steps to remove the default web console user.

  1. Make sure that the web console is running.
  2. Open the Red Hat Single Sign-On administration console.

    • For a ZIP installation:

      1. Navigate to http://localhost:8080/auth/ in a browser.
      2. Select Administration Console to access the Red Hat Single Sign-On administration console.
    • For an OpenShift installation:

      1. Navigate to OPENSHIFT_URL/console/project/rhamt/overview in a browser.

        Note

        If you renamed the OpenShift project when deploying, replace rhamt with the name of your project.

      2. Click the link in the SSO HTTPS application and add "/auth" to the end of the URL.
      3. Select Administration Console to access the Red Hat Single Sign-On administration console.
  3. Log in with an administrative user’s credentials. The default credentials are admin and password.
  4. In the upper left corner, select the Rhamt realm from the drop down.
  5. From the left-side navigation menu, select Users and then click View all users.
  6. From the rhamt user’s row, click Delete and confirm.

5.4. Add a New Web Console User

When authentication is enabled for the web console, administrators will need to add users so that they can access the web console.

Follow these steps to add a new web console user.

  1. Make sure that the web console is running.
  2. Open the Red Hat Single Sign-On administration console.

    • For a ZIP installation:

      1. Navigate to http://localhost:8080/auth/ in a browser.
      2. Select Administration Console to access the Red Hat Single Sign-On administration console.
    • For an OpenShift installation:

      1. Navigate to OPENSHIFT_URL/console/project/rhamt/overview in a browser.

        Note

        If you renamed the OpenShift project when deploying, replace rhamt with the name of your project.

      2. Click the link in the SSO HTTPS application and add "/auth" to the end of the URL.
      3. Select Administration Console to access the Red Hat Single Sign-On administration console.
  3. Log in with an administrative user’s credentials. The default credentials are admin and password.
  4. In the upper left corner, select the Rhamt realm from the drop down.
  5. From the left-side navigation menu, select Users and then click Add user.
  6. Enter the Username, First Name, Last Name, and any other required fields and click Save.
  7. Once the user has been added, select the Credentials tab.
  8. Enter a temporary password in the New Password and Password Confirmation fields, and leave the Temporary field set to ON.
  9. Click Reset Password and then click Change password in the confirmation popup.

The user is enabled by default and will be required to set a new password when they log in to the web console with this temporary password.





Revised on 2018-04-04 12:21:24 EDT