Hey
How do I enable SSO outside IIS?
I have followed this guide:
But how do I create an dashboard with SSO?
Thanks in advance.
Once you have SSO enabled via the linked documentation, you can set the dashboard authentication to enabled and it will require authentication (and a force SSO challenge) when accessing the dashboard.
When accessing a dashboard - i’m redirected to the form authentication.
This is my appsettings.json
{
“Windows”: { “Enabled”: “true”},
“Kestrel”: {
“Endpoints”: {
“HTTPS”: {
“Url”: “https://*:443”,
“Certificate”: {
“Subject”: “server02.den.local”,
“Store”: “My”,
“Location”: “LocalMachine”,
“AllowInvalid”: “true”
}
}
}
}
}
You have to make sure your appsettings.json is formatted correctly. Primarily be aware that the Windows auth is in the Authentication section below.
{
"Kestrel": {
"Endpoints": {
"HTTPS": {
"Url": "https://*:443"
“Subject”: “server02.den.local”,
“Store”: “My”,
“Location”: “LocalMachine”,
“AllowInvalid”: “true”
}
}
},
"RedirectToHttps": "false"
},
"ApplicationInsights": {
"InstrumentationKey": ""
},
"Logging": {
"Path": "%PROGRAMDATA%/PowerShellUniversal/log.txt",
"RetainedFileCountLimit": 31,
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information",
"Grpc": "Information"
}
},
"AllowedHosts": "*",
"CorsHosts": "",
"Plugins": [
"UniversalAutomation.LiteDBv5"
],
"Data": {
"RepositoryPath": "%ProgramData%\\UniversalAutomation\\Repository",
"ConnectionString": "filename=%ProgramData%\\UniversalAutomation\\database.db;upgrade=true",
"GitRemote": "",
"GitUserName": "",
"GitPassword": "",
"GitBranch": "",
"GitSyncBehavior": "TwoWay",
"ConfigurationScript": ""
},
"Api": {
"Url": ""
},
"Authentication": {
"Windows": {
"Enabled": "true"
},
"WSFed": {
"Enabled": "false",
"MetadataAddress": "",
"Wtrealm": "",
"CallbackPath": "/auth/signin-wsfed",
"Wreply": "",
"UseTokenLifetime": true,
"CorrelationCookieSameSite": ""
},
"OIDC": {
"Enabled": "false",
"CallbackPath": "/auth/signin-oidc",
"ClientID": "",
"ClientSecret": "",
"Resource": "",
"Authority": "",
"ResponseType": "",
"SaveTokens": "false",
"CorrelationCookieSameSite": "",
"UseTokenLifetime": true,
"Scope": "openid profile groups",
"GetUserInfo": false
},
"ClientCertificate": {
"Enabled": "false"
},
"SessionTimeout": "25"
},
"Jwt": {
"SigningKey": "PleaseUseYourOwnSigningKeyHere",
"Issuer": "IronmanSoftware",
"Audience": "PowerShellUniversal"
},
"UniversalAutomation": {
"JobHandshakeTimeout": 5,
"JobDebugging": false,
"ContinueJobOnServerStop": false
},
"UniversalDashboard": {
"AssetsFolder": "%ProgramData%\\PowerShellUniversal\\Dashboard",
"DashboardStartupTimeout": 10
},
"ShowDevTools": false,
"HideAdminConsole": false
}
We’re making auth configuration easier in 2.5. You’ll be able to enable it in the UI.
Thanx - my mistake (Authentication section)
