RH362 - ch09s02

Preface A: Introduction

Section A.1: Red Hat Security: Identity Management and Authentication

Section A.2: Orientation to the Classroom Environment

Section A.3: Performing Lab Exercises

Chapter 1: Identity Management in Red Hat Enterprise Linux

Section 1.1: The IdM Ecosystem

Section 1.2: Quiz: The IdM Ecosystem

Section 1.3: The IdM Infrastructure Topology

Section 1.4: Guided Exercise: The IdM Infrastructure Topology

Section 1.5: The IdM Administrative Interfaces

Section 1.6: Guided Exercise: The IdM Administrative Interfaces

Section 1.7: Quiz: Identity Management in Red Hat Enterprise Linux

Section 1.8: Summary

Chapter 2: Identity Management Core Technologies

Section 2.1: The System Security Services Framework

Section 2.2: Guided Exercise: The System Security Services Framework

Section 2.3: The Kerberos Authentication Protocol

Section 2.4: Guided Exercise: The Kerberos Authentication Protocol

Section 2.5: The Public Key Infrastructure

Section 2.6: Guided Exercise: Managing Certificates

Section 2.7: Lab: Working with Identity Management Core Technologies

Section 2.8: Summary

Chapter 3: Installing Identity Management in Red Hat Enterprise Linux

Section 3.1: Installing an Identity Management Server

Section 3.2: Guided Exercise: Installing an Identity Management Server

Section 3.3: Installing an Identity Management Client

Section 3.4: Guided Exercise: Installing an Identity Management Client

Section 3.5: Installing an Identity Management Replica

Section 3.6: Guided Exercise: Installing an Identity Management Replica

Section 3.7: Automating an Identity Management Installation

Section 3.8: Guided Exercise: Automating an Identity Management Installation

Section 3.9: Lab: Installing Identity Management in Red Hat Enterprise Linux

Section 3.10: Summary

Chapter 4: Implementing an Identity Management Topology

Section 4.1: Establishing Replication Agreements

Section 4.2: Guided Exercise: Establishing Replication Agreements

Section 4.3: Managing the Essential IdM Server Roles

Section 4.4: Guided Exercise: Managing the Essential IdM Server Roles

Section 4.5: Lab: Implementing an Identity Management Topology

Section 4.6: Summary

Chapter 5: Managing the CA and DNS Integrated Services

Section 5.1: Managing the Integrated Certificate Authority

Section 5.2: Guided Exercise: Managing the Integrated Certificate Authority

Section 5.3: Managing the Integrated DNS Service

Section 5.4: Guided Exercise: Managing the Integrated DNS Service

Section 5.5: Lab: Managing the CA and DNS Integrated Services

Section 5.6: Summary

Chapter 6: Managing Users and Configuring User Access

Section 6.1: Managing IdM Users and Hosts

Section 6.2: Guided Exercise: Managing IdM Users and Hosts

Section 6.3: Implementing IdM User Access Control

Section 6.4: Guided Exercise: Managing IdM User Access Control

Section 6.5: Managing Kerberos Principals, Policies, and External Authentication

Section 6.6: Guided Exercise: Managing Kerberos Principals, Policies, and External Authentication

Section 6.7: Configuring Network-shared Home Directories

Section 6.8: Guided Exercise: Configuring Network-shared Home Directories

Section 6.9: Lab: Managing Users and Configuring User Access

Section 6.10: Summary

Chapter 7: Configuring Alternative Authentication Services

Section 7.1: Managing Smart Card Authentication

Section 7.2: Guided Exercise: Managing Smart Card Authentication

Section 7.3: Working with Vaults in Identity Management

Section 7.4: Guided Exercise: Working with Vaults in Identity Management

Section 7.5: Implementing Two-factor Authentication

Section 7.6: Guided Exercise: Implementing Two-factor Authentication

Section 7.7: Lab: Configuring Alternative Authentication Services

Section 7.8: Summary

Chapter 8: Integrating Identity Management with Active Directory

Section 8.1: Establishing a Trust Relationship between IdM and AD

Section 8.2: Guided Exercise: Establishing a Trust Relationship between IdM and AD

Section 8.3: Managing AD User Integration with ID Views

Section 8.4: Guided Exercise: Managing AD User Integration with ID Views

Section 8.5: Quiz: Integrating Identity Management with Active Directory

Section 8.6: Summary

Chapter 9: Integrating Identity Management with Red Hat Utilities

Section 9.1: Implementing Single Sign-on

SectionSection 9.2: Guided Exercise: Implementing Single Sign-on

Section 9.3: Integrating IdM with Red Hat Satellite

Section 9.4: Guided Exercise: Integrating IdM with Red Hat Satellite

Section 9.5: Configuring Automation Controller with IdM Authentication

Section 9.6: Guided Exercise: Configuring Automation Controller with IdM Authentication

Section 9.7: Lab: Integrating Identity Management with Red Hat Utilities

Section 9.8: Summary

Chapter 10: Troubleshooting and Disaster Recovery Planning for IdM

Section 10.1: Recovering IdM with Backups and Replication

Section 10.2: Guided Exercise: Recovering IdM with Backups and Replication

Section 10.3: Troubleshooting IdM

Section 10.4: Guided Exercise: Troubleshooting IdM

Section 10.5: Lab: Troubleshooting and Disaster Recovery Planning for IdM

Section 10.6: Summary

Chapter 11: Comprehensive Review

Section 11.1: Comprehensive Review

Section 11.2: Lab: Building a Multiple Server IdM Topology

Section 11.3: Lab: Working with Identity Management

Section 11.4: Lab: Working with Single Sign-on Technology

Bookmark this page

P 1 2 3 4 5 6 7 8 9 10 11

Guided Exercise: Implementing Single Sign-on

Configure single sign-on and test its functionality.

Outcomes

Configure SSO integration with IdM.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise:

[student@workstation ~]$ lab start products-sso

Instructions

[student@workstation ~]$ ssh utility
[student@utility ~]$ sudo -i
[sudo] password for student: student

Verify that the utility machine has access to the realm.

[root@utility ~]# kinit admin
Password for admin@LAB.EXAMPLE.COM: RedHat123^

Log out of the utility machine.

[root@utility ~]# logout
[student@utility ~]$ logout
Connection to utility closed.
[student@workstation ~]$

Navigate to the SSO web console at http://utility.lab.example.com:8080 and configure the ldap realm to use the IdM LDAP server. Log in as the admin user with RedHat123^ as the password.

Navigate to Configure → Realm Settings and verify that the Name field is set to ldap, indicating that you are in the ldap realm.
Navigate to Configure → User Federation, click Add provider, and select ldap from the list.

Use the following values to configure the ldap realm:

Property	Value
Enabled	`ON`
Console Display Name	`ldap`
Priority	0
Import Users	`ON`
Edit Mode	`READ_ONLY`
Sync Registrations	`OFF`
Vendor	`Red Hat Directory Server`
Username LDAP attribute	`uid`
RDN LDAP attribute	`uid`
UUID LDAP attribute	`ipaUniqueID`
User Object Classes	`inetOrgPerson`, `organizationalPerson`
Connection URL	`ldaps://idm.lab.example.com:636`
Users DN	`cn=users,cn=accounts,dc=lab,dc=example,dc=com`
Search Scope	`One Level`
Bind Type	`simple`
Bind DN	`uid=admin,cn=users,cn=accounts,dc=lab,dc=example,dc=com`
Bind Credential	`RedHat123^`

Click Save and then click Synchronize all users.

Log in to the client machine and start a Kerberos session.
1. Log in to the client machine as the student user:
```
[student@workstation ~]$ ssh client
```
2. Start a Kerberos session as the admin user with the RedHat123^ password
```
[student@client ~]$ kinit admin
Password for admin@LAB.EXAMPLE.COM: RedHat123^
```

Verify that the idmuser03 exists in IdM:

[student@client ~]$ ipa user-find idmuser03
--------------
1 user matched
--------------
  User login: idmuser03
...output omitted...

Verify that SSO uses IdM as identity provider by getting an OpenID Connect token.
1. Log out of the client machine to return to the workstation machine:
```
[student@client ~]$ logout
Connection to client closed.
[student@workstation ~]$
```
2. On the workstation machine, change to the ~/materials/labs/products-sso/ directory and run the get_token.sh script to get an OpenID Connect token from the SSO server for the idmuser03 in the ldap SSO realm.
```
[student@workstation ~]$ cd materials/labs/products-sso
[student@workstation products-sso]$ ./get_token.sh idmuser03 RedHat123^ ldap
{"access_token":"eyJhbGciOiJS...
...output omitted...
```
3. Return to the student user home directory:
```
[student@workstation products-sso]$ cd
[student@workstation ~]$
```

Finish

On the workstation machine, use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish products-sso

Discuss Red Hat Security: Identity Management and Authentication

Go to community

Welcome to the Red Hat Security: Identity Management and Active Directory Integration group!

Syed

26 wrz 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat Security: Identity Management and Active Directory Integration! To gain the most value from this group - click the "Join Group" button in the upper right hand corner of the group home page.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to RH362.Read more about Red Hat Security: Identity Management and Active Directory Integration here.

215

Revision: rh362-9.1-4c6fdb8