Configuring single sign-on

AEN’s single sign-on (SSO) capability creates a new authentication provider that defers to your Anaconda Repository for login and authentication cookies.

To enable SSO:

  1. Deploy AEN and Repository on the same machine.

  2. In the /opt/wakari/wakari-server/etc/wakari/config.json file, add:

    {
    EXISTING_CONFIGURATION,
    "SECRET_KEY": "<repo signing secret>",
    "REPO_LOGIN_URL":
       "http://example_repo.com:8080/account/login?next=http://example_repo.com/"
    }
    
  3. Copy the SECRET_KEY from the Repository configuration file.

  4. In the /opt/wakari/wakari-server/etc/wakari/wk-server-config.json file, modify:

    {
    EXISTING_CONFIGURATION,
    "accounts": "wk_server.plugins.accounts.repo",
    }
    
  5. If you are using Repository version 2.33.3 through 2.33.10, set USE_SERVER_BASED_SESSIONS: false in the Repository configuration.

    This setting affects the network security properties of AEN and Repository. Specifically, if USE_SERVER_BASED_SESSIONS is set to false, and if a new cross-site scripting (XSS) vulnerability is discovered, it could expose an additional server fixation vulnerability. Please discuss this with your Anaconda representative and be sure the feature is compatible with your network requirements before setting USE_SERVER_BASED_SESSIONS: false.

  6. To activate the changes restart wakari-server:

    sudo service wakari-server restart
    

SSO is enabled.