PKI sign-on to CloudForms using RH SSO 7.2 – Part 2 of 2

In the previous post, we looked at configuring SSO 7.2 for mutual TLS, requesting a user certificate that is validated against a configured trust store.

In this post we’ll look at the second half of that task – configuring CloudForms for SAML authentication and enabling the X.509 Browser Flow in SSO.


PKI sign-on to CloudForms using RH SSO 7.2 – Part 1 of 2

(Part 2 is available here!)

With the advent of Public Key Infrastructure across organisations, it became possible to authenticate a user based on the certificate they provide. Red Hat Single Sign On 7.2 is able to authenticate users based on a provided certificate, matching some value from the certificate (e.g. CN, email) against RH SSO’s internal database of users.

When combined with the Security Assertion Markup Language (SAML) authentication that CloudForms supports out of the box, we can achieve passwordless, certificate-based sign-on to CloudForms.

There are three main areas to this configuration:

  1. Configuring RH SSO 7.2 for mutual TLS, requesting a client certificate.
  2. Configuring CloudForms for SAML against RH SSO 7.2.
  3. Enabling the X.509 browser authentication flow in RH SSO 7.2.

Step 1 is the focus of this blog post. Steps 2 and 3 will follow in the next post.
