Connect to SSO provider

SSO authentication Copied

To use SSO, the Geneos administrator needs to enable SSO logins for each Gateway and to ensure either that Obcerv or Gateway Hub is configured to provide identity management services to Geneos or that at least one instance of the Geneos SSO Agent is running.

Configure Active Console for SSO Copied

To use SSO login authentication in Active Console

  1. Open Active Console on the operating system platform on your machine.
  2. Go to Workspace > General settings. See Workspace settings.
  3. Enter the agent’s URL in the SSO Agent URL field.
  1. Click Save to apply the changes.
  2. Click SSO Login on the toolbar.

Set up one or more Gateway connections to use the SSO Logon method, either individually or through the workspace logon setting. For more information, see Gateways Dockable and Workspace settings.

Note

Versions of Active Console before version 4.3 cannot process a configuration that references an unknown login method. If these encounter references to the SSO logon method, these fail to load any connection details at all. If your workspace file specifies SSO as the workspace logon type or if it specifies SSO as the logon method for any connection, you cannot use it with an older version of Active Console. Additionally, a remote connection file which specifies LM_SSO as the logon method for any connection cannot be used with an older version of Active Console.

The Active Console supports SSO Agent connections with Kerberos, and negotiates authentication on macOS and Ubuntu. For more information, see SSO Agent User Guide.

If an error occurs when connecting to SSO Agent in the Active Console on macOS or Ubuntu:

  1. Check that the values in the krb5.conf file are valid. This is located in the installation folder /resources/configuration of your application.
  2. Open Active Console and follow the same steps when connecting to SSO Agent.

This is an example configuration of krb5.conf file:

[libdefaults]
 default_realm = <user-domain>
 default_tkt_enctypes = aes128-cts rc4-hmac des3-cbc-sha1
des-cbc-md5 des-cbc-crc
 default_tgs_enctypes = aes128-cts rc4-hmac des3-cbc-sha1
des-cbc-md5 des-cbc-crc
 permitted_enctypes   = aes128-cts rc4-hmac des3-cbc-sha1
des-cbc-md5 des-cbc-crc
[realms]
 <user-domain> = {
  kdc = <active directory IP addres, example 192.168.10.2>
  default_domain = <user-domain>
}
[domain_realm]
 .<user-domain>= <user-domain>

Use the SSO login and logout button Copied

If your Active Console is in the same NT domain as the SSO Agent, Active Console logs you in automatically, assuming that one or more Gateways are available and set up to use the SSO login method.

The SSO Login/Logout button, which appears in the toolbar area of the ActiveConsole 2, allows you to log in and out manually:

["Geneos"] ["Geneos > Active Console"] ["User Guide"]

Was this topic helpful?