Red Hat Single Sign-On Administration

Bookmark this page
P123456
PreviousNext

Guided Exercise: Explore and Configure the Admin Console

  • Explore the features of the Red Hat Single Sign-On web based admin console.

Outcomes

  • Navigate the RH-SSO Admin Console.

  • Create realms and users.

  • Enable and review the logs for the login and admin events.

  • Navigate the RH-SSO user account console.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise.

This command prepares your environment and ensures that all required resources are available.

[student@workstation ~]$ lab start install-adminconsole

Procedure 2.2. Instructions

  1. Log in as the admin user in the RH-SSO Admin Console.

    1. On the workstation machine, use Firefox to navigate to the RH-SSO web UI URL at https://sso.lab.example.com:8080.

    2. Click Administration Console. Log in as the admin user with redhat as the password. By default, the main page shows the Realm Settings menu for the rhtraining realm.

  2. Create a realm called demo.

    1. Hover over the Rhtraining realm name in the left menu of your screen.

    2. Click the Add realm button that appears.

    3. In the Add realm menu, enter demo in the Name field and click Create.

    4. The Demo realm configuration page appears.

  3. Enable the logs for the login and admin events.

    1. In the left menu of your screen, click ManageEvents.

    2. Click the Config tab.

    3. In the Login Events Settings section, switch Save Events to ON. This option saves the login events to the database, making them available to the admin and account management consoles. Set Expiration to 10 hours.

    4. In the Admin Events Settings section, switch Save Events to ON.

    5. Click Save.

  4. Review the login and admin events log.

    1. Change to the Login Events tab. The events list is empty because no log in attempt has been registered after the login events activation.

    2. Change to the Admin Events tab. There is one event regarding the logging activation. You can verify that it is an update of the events configuration.

  5. Create a user called johndoe in the Demo realm. The configuration parameters must be as follows:

    ParameterValue
    Usernamejohndoe
    Emailjohndoe@example.com
    First NameJohn
    Last NameDoe

    1. Verify that the Demo realm is selected. In the left menu of your screen, click ManageUsers.

    2. Click Add user.

    3. Fill the different fields by using the parameters in the table. Leave the other fields as per default.

    4. Click Save to create the user. The johndoe user configuration page appears.

  6. Create a temporary password for the johndoe user. The user must change it after accessing the account for the first time.

    1. In the user configuration page, navigate to the Credentials tab.

    2. Fill the Password and Password Confirmation fields by using testpass. Verify that the Temporary selection button is ON.

    3. Click Set Password. In the confirmation window that appears, click Set password.

  7. Confirm the johndoe user can access its account console in the Demo realm.

    1. Open a new tab in Firefox and navigate to https://sso.lab.example.com:8080/auth/realms/demo/account/. Click Sign in.

    2. Log in as the johndoe user with the temporary password testpass.

    3. An Update password page appears. Use redhat as the new password for the johndoe user.

  8. Review the login and admin events log after the user creation and log in.

    1. Switch to the Admin Console tab in Firefox. In the left menu of your screen, click ManageEvents.

    2. Navigate to the Login Events tab. You can verify that RH-SSO stores the events when updating the password, when logging in to the account, or when a client exchanges a code for a token.

    3. Navigate to the Admin Events tab. The log stores the events when creating the user and setting their password.

  9. Log the johndoe user out of their session.

    1. Navigate to the ManageSessions menu.

    2. Verify that there is one active session for the account-console client. If there is no active session for the account-console client, then switch to the account console tab in Firefox and log in again as the johndoe user.

    3. Click the account-console client. In the Sessions tab for the account-console client, click Show Sessions. Verify that there is an active session for the johndoe user in the account-console client. Click the johndoe user.

    4. In the johndoe user configuration page, click the Sessions tab. Click Logout for the account-console client.

    5. Switch to the account console tab in Firefox and reload it. Verify the user is logged out from the account console. Close the tab.

Finish

On the workstation machine, use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish install-adminconsole

This concludes the section.

PreviousNext
Revision: do313-7.6-bc10333