Red Hat support for SSO authentication
Red Hat Single Sign-On (RH-SSO) is based on the Keycloak project and allows you to secure your web applications by providing web single sign-on (SSO) capabilities based on popular standards like SAML 2.0, OpenID Connect, and OAuth 2.0.
NOTE: This feature is available in Bold BI Embedded Analytics, but not in Cloud Analytics Server.
This section explains how to perform Single Sign-On for users in Red Hat with the Bold BI application using Open ID Connect.
How to register the Bold BI application in Red Hat
NOTE: This configuration needs to be done on the Red Hat website.
Prerequisites
- An admin account in Red Hat.
- Install the Bold BI application.
Steps to register the Bold BI application
-
Please login to the Red Hat website using an admin account.
-
Navigate to the Security admin console, then go to the
Clientspage and select theCreateoption.
-
On the Add Client page, enter the client ID and select the Client protocol as
openid-connect,then clickSave.
-
Once the client has been created, please configure the following in the settings section and save the changes.
| Access Type | Set access type to confidential. |
| Implicit Flow Enabled | On |
| Valid redirect URIs | URL Format: https://{domain}/signin-oidc Example: https://example.com/signin-oidc Note: The Redirect URI is found under the OpenID Connect settings of your Bold BI application, as in the following screenshot. |
After successfully registering with Red Hat, save these settings on the Bold BI settings page to enable this authentication.
Enable Red Hat authentication support in Bold BI
Configure the settings in Bold BI, as shown in the following screenshot, to enable authentication using Red Hat.
The fields that need to be saved in Bold BI in order to enable Red Hat for authentication are explained as follows.
| Enable Open ID Connect | Enabled |
| Provider Name | It represents the name of the authentication provider to be displayed on the login page. |
| Provider Logo | It represents the logo of the authentication provider to be displayed on the login page. |
| Authority | It must be the URL of your Red Hat instance. URL format: https://{host}/auth/realms/{realm} Note: The Authority URL only accepts HTTPS, and Red Hat should be configured in HTTPS.. |
| Client ID | The Client ID is the one you get after registering the Bold BI application on the Red Hat website. Note: Client ID is available in the Clients page. |
| Client Secret | The Client Secret is the one you get after registering the Bold BI application on the Red Hat website. Note: Client Secret is available in the Credentials section of the Client details page. |
| Identifier | The Bold BI application requires an email address to login to the application. So, please set the identifier as email. Note: All accounts in Red Hat should have a valid email address. |
| Logout Endpoint | It is the endpoint in the Red Hat website that signs the user out. |
Login with Red Hat
-
Please go to the login page and select the Red Hat option to log in.
-
Please enter your username and password in the Red Hat SSO login screen and proceed to sign in.
