In the previous post, we looked at configuring SSO 7.2 for mutual TLS, requesting a user certificate that is validated against a configured trust store.
In this post we’ll look at the second half of that task – configuring CloudForms for SAML authentication and enabling the X.509 Browser Flow in SSO.
Read more “PKI sign-on to CloudForms using RH SSO 7.2 – Part 2 of 2”
(Part 2 is available here!)
With the advent of Public Key Infrastructure across organisations, it became possible to authenticate a user based on the certificate they provide. Red Hat Single Sign-On 7.2 is able to authenticate users based on a provided certificate, matching some value from the certificate (e.g. CN, email) against RH SSO’s internal database of users.
When combined with the Security Assertion Markup Language (SAML) authentication that CloudForms supports out of the box, we can achieve passwordless, certificate-based sign-on to CloudForms.
There are three main areas to this configuration:
- Configuring RH SSO 7.2 for mutual TLS, requesting a client certificate.
- Configuring CloudForms for SAML against RH SSO 7.2.
- Enabling the X.509 browser authentication flow in RH SSO 7.2.
Step 1 is the focus of this blog post. Steps 2 and 3 will follow in the next post.
Read more “PKI sign-on to CloudForms using RH SSO 7.2 – Part 1 of 2”