{"id":10104,"date":"2022-05-25T03:39:10","date_gmt":"2022-05-25T03:39:10","guid":{"rendered":"https:\/\/www.insentragroup.com\/us\/?p=10104"},"modified":"2024-12-13T02:01:29","modified_gmt":"2024-12-13T02:01:29","slug":"how-to-configure-ansible-automation-saml-sso-with-red-hat-sso","status":"publish","type":"post","link":"https:\/\/www.insentragroup.com\/us\/insights\/geek-speak\/modern-workplace\/how-to-configure-ansible-automation-saml-sso-with-red-hat-sso\/","title":{"rendered":"How to configure Ansible Automation SAML SSO with Red Hat SSO"},"content":{"rendered":"\n<h4 class=\"wp-block-heading\" id=\"requirements\">Requirements<\/h4>\n\n\n\n<ul class=\"wp-block-list\"><li>Ansible Automation Platform, Ansible Tower or AWX installed and configured<\/li><li>RH SSO or Keycloak installed and configured<\/li><li>Access to both consoles<\/li><\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"sso-realm-configuration\">SSO Realm Configuration<\/h4>\n\n\n\n<ul class=\"wp-block-list\"><li>Navigate to RH SSO console: https:\/\/sso01.avail.insentra.net.au:8443\/auth or any other<\/li><li>Log in as \u2018admin\u2019<\/li><li>Create a new realm called \u2018tower\u2019 (keep it lowercase)<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"483\" src=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-6-1024x483.png\" alt=\"\" class=\"wp-image-10105\" srcset=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-6-1024x483.png 1024w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-6-300x141.png 300w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-6-768x362.png 768w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-6.png 1190w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Click on Keys Tab, navigate to Providers, and have a look at all the providers (certificates)<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"372\" src=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-8-1024x372.png\" alt=\"\" class=\"wp-image-10107\" srcset=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-8-1024x372.png 1024w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-8-300x109.png 300w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-8-768x279.png 768w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-8.png 1187w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Open ssh session to a Linux server and generate a new private key and certificate for the realm. Given it is a certificate for the SSO realm, you need to specify the FQDN of the SSO server (RH SSO or Keycloak). In case your servers are behind the Load Balancer or a proxy, ensure to specify the FQDN of the LB or Proxy:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@sso01 certs2]# openssl req -new -x509 -days 3650 -nodes -out saml.crt -keyout saml.key\nGenerating a RSA private key\n...........................+++++\n................................+++++\nwriting new private key to 'saml.key'\n-----\nYou are about to be asked to enter information that will be incorporated\ninto your certificate request.\nWhat you are about to enter is what is called a Distinguished Name or a DN.\nThere are quite a few fields but you can leave some blank\nFor some fields there will be a default value,\nIf you enter '.', the field will be left blank.\n-----\nCountry Name (2 letter code) &#91;XX]:AU \nState or Province Name (full name) &#91;]:NSW\nLocality Name (eg, city) &#91;Default City]:Sydney\nOrganization Name (eg, company) &#91;Default Company Ltd]:Red Hat\nOrganizational Unit Name (eg, section) &#91;]:Consulting\nCommon Name (eg, your name or your server's hostname) &#91;]:sso01.avail.insentra.net.au\nEmail Address &#91;]:\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>If you created the files on a remote machine, copy both files (saml.crt and saml.key) to your local machine from which you are connecting to your SSO server<\/li><li>Ensure to set relaxed read permissions on saml.key, otherwise UI will not be able to read the file.<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>chmod 777 saml.key<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Still in the context of SSO realm configuration, on Keys tab, ensure you are in Providers Tab and click Add keystore \u2192 rsa<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"372\" src=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-9-1024x372.png\" alt=\"\" class=\"wp-image-10108\" srcset=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-9-1024x372.png 1024w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-9-300x109.png 300w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-9-768x279.png 768w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-9.png 1188w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Change the name to RHSSO, set the Priority to 100 and select both: private RSA Key and X509 Certificates<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"370\" src=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-10-1024x370.png\" alt=\"\" class=\"wp-image-10109\" srcset=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-10-1024x370.png 1024w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-10-300x108.png 300w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-10-768x278.png 768w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-10.png 1192w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Click Save and go back to Providers. You should see something similar to this:<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"372\" src=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-11-1024x372.png\" alt=\"\" class=\"wp-image-10110\" srcset=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-11-1024x372.png 1024w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-11-300x109.png 300w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-11-768x279.png 768w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-11.png 1191w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Remove all other providers but RHSSO:<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"373\" src=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-12-1024x373.png\" alt=\"\" class=\"wp-image-10111\" srcset=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-12-1024x373.png 1024w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-12-300x109.png 300w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-12-768x280.png 768w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-12.png 1189w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"ansible-automation-saml-configuration\">Ansible Automation SAML Configuration<\/h4>\n\n\n\n<ul class=\"wp-block-list\"><li>Navigate to your Ansible Automation Controller and login with System Administrator privileges<\/li><li>Navigate to Settings (bottom left side of the screen) and select Miscellaneous System Settings on the right. Verify what is Base URL of the service is. By default, when the Ansible Tower or Ansible Automation Platform is installed, this variable will be set to https:\/\/tower. If this value is still https:\/\/tower, change it to either the FQDN of the Load Balancer or the server\u2019s name of the single Automation Controller. In this example the Automation Controller has been installed on a single node and as such its Base URL of the service has been set to https:\/\/ssodb04.example.net:<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"654\" src=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-13-1024x654.png\" alt=\"\" class=\"wp-image-10113\" srcset=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-13-1024x654.png 1024w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-13-300x192.png 300w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-13-768x490.png 768w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-13.png 1095w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Save the value of Base URL of the service. We will need this value in the next step<\/li><li>Click on Settings (left side) and select SAML settings<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"652\" src=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-14-1024x652.png\" alt=\"\" class=\"wp-image-10114\" srcset=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-14-1024x652.png 1024w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-14-300x191.png 300w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-14-768x489.png 768w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-14.png 1101w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Scroll to the bottom of the page and click edit<\/li><li>Set SAML Service Provider Entity ID to the value of Base URL of the service from the previous step. In this case it is https:\/\/ssodb04.example.net<\/li><li>Leave Automatically Create Organizations and Teams on SAML Login enabled<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"199\" src=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-15-1024x199.png\" alt=\"\" class=\"wp-image-10115\" srcset=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-15-1024x199.png 1024w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-15-300x58.png 300w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-15-768x149.png 768w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-15.png 1098w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Specify the SAML Service Provider Public Certificate.<\/li><\/ul>\n\n\n\n<p>NOW\u2026 There are a few ways of doing this, but this is the certificate you need to generate for your Ansible Controller. If your Ansible Controller is in cluster configuration and all the nodes are behind the Load Balancer &#8211; you need to generate the Certificate for the Load Balancer FQDN. Otherwise &#8211; generate it for the single Ansible Controller node. FOR THE TIME BEING, enter into the SAML Service Provider Public Certificate the certificate we generated for the REALM. WE WILL REPLACE IT LATER with correct ones.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Add SAML Service Provider Private Key &#8211; same logic like in a step above<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"378\" src=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-16-1024x378.png\" alt=\"\" class=\"wp-image-10116\" srcset=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-16-1024x378.png 1024w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-16-300x111.png 300w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-16-768x284.png 768w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-16.png 1102w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Specify SAML Service Provider Organization Info. In this info you need to specify the URL to your SSO authentication service. By Default, RH SSO and Keycloak would run the authentication on port 8443\/tcp. Make also sure you specify https as the protocol.<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>{\n  \"en-US\": {\n    \"url\": \"https:\/\/sso01.avail.insentra.net.au:8443\",\n    \"name\": \"RHSSO\",\n    \"displayname\": \"RHSSO\"\n  }\n}\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Specify SAML Service Provider Technical Contact:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>{\n  \"emailAddress\": \"arnold.schwarzenegger@example.net\",\n  \"givenName\": \"Arnold Schwarzenegger\"\n}\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Specify Service Provider Support Contact:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>{\n  \"emailAddress\": \"arnold.schwarzenegger@example.net\",\n  \"givenName\": \"Arnold Schwarzenegger\"\n}\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Specify SAML Enabled Identity Provider:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>{\n  \"RHSSO\": {\n    \"x509cert\": \"MIIDxTCCAq2gAwIBAgIUDgj+kvdvCoBx267JWdtWqTfC4hcwDQYJKoZIhvcNAQELBQAwcjELMAkGA1UEBhMCQVUxDDAKBgNVBAgMA05TVzEPMA0GA1UEBwwGU3lkbmV5MREwDwYDVQQKDAhJbnNlbnRyYTELMAkGA1UECwwCSVQxJDAiBgNVBAMMG3NzbzAxLmF2YWlsLmluc2VudHJhLm5ldC5hdTAeFw0yMjA1MDUwNTI1MDNaFw0yMzA1MDUwNTI1MDNaMHIxCzAJBgNVBAYTAkFVMQwwCgYDVQQIDANOU1cxDzANBgNVBAcMBlN5ZG5leTERMA8GA1UECgwISW5zZW50cmExCzAJBgNVBAsMAklUMSQwIgYDVQQDDBtzc28wMS5hdmFpbC5pbnNlbnRyYS5uZXQuYXUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6rIocKD4Hu6gL8ULYYUUo9nSCjORPgZ6+JQGfegjmhVhcaMyMO0igRkVq+Wpj0h3oAn4LB9Ccrg+iACNDPx43oUEJX3ulULln8RLdXOAYllMZEu\/FhTQA\/LTmKDTNHncOKXbuKyQtnvWp+6LQLKPH\/kQMY\/P1acEYeAC6FyVOC30MOO0151+Wns9wfSxSd3QJsRAIb8yu2LoFefej8jNXSvG0F+8CrEKfycOLRjbm3r0qnFL+GCegFYZ8FJdjmE2qHE0xmQbxrOhx9AnALfQITfhl8rCL6xTpk\/gRMcd4mROyuSRucfoNAGSPb7jJTVHNB2MgtRkILcGH859dU6zHAgMBAAGjUzBRMB0GA1UdDgQWBBSnfA9+GmlUh1wUVIg3K8aBNULxJzAfBgNVHSMEGDAWgBSnfA9+GmlUh1wUVIg3K8aBNULxJzAPBgNVHRMBAf8EBTADAQH\/MA0GCSqGSIb3DQEBCwUAA4IBAQBAUjHRL7Anzvu6qevVOxMyfe0ZTTRDPLfXtrS30TyFcXlig4n4kTSvy4Cd7244AUGNphDxsDMpONirkq5T7PLYwsrseqVNMhc4k9wexLHT5WtwiWX6U\/XAPei7iLQQJG7b3sTtu2FaW1bk7dBgWixzBoCTMlKhUkYrzAqOSiuLx\/lbMkU19C+BigpeEhGzeJT8XmyreVgrFK8HjQuN4hIVywJub1lDYcRcG3GclsLJ0UTgz3qyp3fy7H43SiisjvwRh7MLAvbUvyiLuitjMUgAFNI5RiXXvdRxAH1xErG2IK2tUW32T5ZboEpr7+4CVXCsQ1SC9B0Fy0X3AFCzv1PO\",\n    \"attr_first_name\": \"first_name\",\n    \"attr_email\": \"email\",\n    \"url\": \"https:\/\/sso01.avail.insentra.net.au:8443\/auth\/realms\/tower\/protocol\/saml\",\n    \"attr_user_permanent_id\": \"name_id\",\n    \"entity_id\": \"https:\/\/sso01.avail.insentra.net.au:8443\/auth\/realms\/tower\",\n    \"attr_groups\": \"groups\",\n    \"attr_last_name\": \"last_name\",\n    \"attr_username\": \"username\"\n  }\n}\n<\/code><\/pre>\n\n\n\n<p>x509cert &#8211; this is the certificate that was generated for the Realm. Navigate to your realm (tower), click on Keys and in Active Tab you should see your RHSSO certificate. Click on Certificate and copy the value to the clipboard. Ensure the string has been copied as indicated above. No Begin Certificate nor End Certificate are required.<\/p>\n\n\n\n<p>URL &#8211; this is your RH SSO authentication. The string has to include https:\/\/&lt;FQDN_OF_SSO_SERVER&gt;:8443\/auth\/realms\/tower\/protocol\/saml<\/p>\n\n\n\n<p>Where \u2018tower\u2019 in the string above is the name of the realm you have created. Change it if required (keep in mind we are dealing with Linux &#8211; so it is case sensitive).<\/p>\n\n\n\n<p>entitiy_id: https:\/\/&lt;FQDN_OF_SSO_SERVER&gt;:8443\/auth\/realms\/tower<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Specify SAML Organization Map. The following presents the simple config:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>{\n  \"Default\": {\n    \"users\": true\n  },\n  \"Systems Engineering\": {\n    \"remove_users\": false,\n    \"remove_admins\": false,\n    \"users\": true,\n    \"admins\": &#91;\n      \"arnold.schwarzenegger@example.net\"\n    ]\n  }\n}\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Specify SAML Security Config<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>{\n  \"requestedAuthnContext\": false\n}\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Save the config. Verify if all the fields have been accepted. The most common issue is related to the json formatting.<\/li><li>Open a command line and run the following command. This command will execute the API call and export the client configuration for the RH SSO.<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>curl -k -L http:\/\/ssodb04.example.net\/sso\/metadata\/saml\/ &gt; client-import.xml<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Verify if the file is NOT empty. If it is empty &#8211; check the syntax of the command and if it still does not work, consider if the firewall permits the communication and if the SAML configuration has been finished successfully.<\/li><\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"configuration-of-the-client-client-scopes-on-rh-sso\">Configuration of the Client, Client Scopes on RH SSO<\/h4>\n\n\n\n<ul class=\"wp-block-list\"><li>Navigate to the RH SSO and log in as admin<\/li><li>Open the \u2018tower\u2019 realm and click on Clients<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"382\" src=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-17-1024x382.png\" alt=\"\" class=\"wp-image-10117\" srcset=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-17-1024x382.png 1024w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-17-300x112.png 300w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-17-768x286.png 768w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-17.png 1100w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Click Create in the right top corner and click Select file we generated in the step above using \u2018curl\u2019 command (client-import.xml). Click Save. You will be taken to Settings<\/li><li>Change the following settings:<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><strong>Parameter<\/strong><strong><\/strong><\/td><td><strong>Value<\/strong><strong><\/strong><\/td><td><strong>Explanation<\/strong><strong><\/strong><\/td><\/tr><tr><td>Sign Documents<\/td><td>On<\/td><td><\/td><\/tr><tr><td>Sign Assertions<\/td><td>On<\/td><td><\/td><\/tr><tr><td>Encrypt Assertions<\/td><td>On<\/td><td><\/td><\/tr><tr><td>Client Signature Required<\/td><td>On<\/td><td><\/td><\/tr><tr><td>Force POST Binding<\/td><td>On<\/td><td><\/td><\/tr><tr><td>Valid Redirect URIs<\/td><td>https:\/\/ssodb04.example.net\/sso\/complete\/saml\/<\/td><td>It is your single node FQDN or LB FQDN<\/td><\/tr><tr><td>Master SAML Processing URL<\/td><td>https:\/\/ssodb04.example.net\/sso\/complete\/saml\/<\/td><td><\/td><\/tr><tr><td>Assertion Consumer Service POST Binding URL<\/td><td>https:\/\/ssodb04.example.net\/sso\/complete\/saml\/<\/td><td><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Click Save. Your configuration should resemble this:<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"885\" src=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-18-1024x885.png\" alt=\"\" class=\"wp-image-10118\" srcset=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-18-1024x885.png 1024w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-18-300x259.png 300w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-18-768x664.png 768w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-18.png 1097w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Click on Keys. This is the Key you generate for the Ansible Controller FQDN or Load Balancer FQDN. You can either do it manually and import it here or generate the key here.<\/li><li>Click Generate new keys<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"372\" src=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-19-1024x372.png\" alt=\"\" class=\"wp-image-10119\" srcset=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-19-1024x372.png 1024w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-19-300x109.png 300w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-19-768x279.png 768w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-19.png 1092w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Click on Export under the Certificate. Change Archive Format to PKCS12, specify Key Password, Store Password, and click Download:<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"379\" src=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-20-1024x379.png\" alt=\"\" class=\"wp-image-10120\" srcset=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-20-1024x379.png 1024w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-20-300x111.png 300w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-20-768x284.png 768w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-20.png 1096w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Open the command line and convert the p12 to unencrypted private key:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@seba Downloads]# openssl pkcs12 -in keystore.p12 -out keystore.txt\nEnter Import Password:\nEnter PEM pass phrase:\nVerifying - Enter PEM pass phrase:\nError outputting keys and certificates\n405C18EE877F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto\/evp\/evp_fetch.c:349:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Run another command to save the private certificate in an unencrypted pem format:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@seba Downloads]# openssl rsa -in keystore.txt -out keystore.unencrypted\nEnter pass phrase for keystore.txt:\nwriting RSA key\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Do you remember that in Ansible Automation SAML Configuration configuration, &nbsp;you entered Certificate and Private key we generated for the Realm? It is time to replace those keys with proper ones<\/li><li>Navigate back to Ansible Automation Controller \u2192 Settings \u2192 SAML<\/li><li>Scroll to the bottom and click edit<\/li><li>Replace SAML Service Provider Private Key with the content of keystore. unencrypted from the step above<\/li><li>Replace SAML Service Provider Public Certificate with the Certificate from the Client Key section. Remember to add to the certificate the following: &#8212;&#8211;BEGIN CERTIFICATE&#8212;&#8211;|&#8212;&#8211;END CERTIFICATE&#8212;&#8211;. There are 5 dashes before and after.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"378\" src=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-21-1024x378.png\" alt=\"\" class=\"wp-image-10121\" srcset=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-21-1024x378.png 1024w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-21-300x111.png 300w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-21-768x283.png 768w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-21.png 1098w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Click Save in the Ansible Automation Controller SAML Config page<\/li><li>Navigate back to the RH SSO<\/li><li>Click on Client Scope of your \u2018tower\u2019 realm<\/li><li>Find rolelist Client Scope. Click on it<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"368\" src=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-22-1024x368.png\" alt=\"\" class=\"wp-image-10122\" srcset=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-22-1024x368.png 1024w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-22-300x108.png 300w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-22-768x276.png 768w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-22.png 1102w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Click on Mappers Tab and click role list. Ensure Single Role Attribute is set to ON and click SAVE:<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"379\" src=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-23-1024x379.png\" alt=\"\" class=\"wp-image-10123\" srcset=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-23-1024x379.png 1024w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-23-300x111.png 300w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-23-768x284.png 768w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-23.png 1097w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Navigate back to Client Scopes. Click Create. Specify tower for name and select saml as the Protocol. Click Save:<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"373\" src=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-24-1024x373.png\" alt=\"\" class=\"wp-image-10124\" srcset=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-24-1024x373.png 1024w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-24-300x109.png 300w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-24-768x280.png 768w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-24.png 1096w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Click on Mappers Tab and create the following Mappers:<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><strong>Name<\/strong><strong><\/strong><\/td><td><strong>Mapper Type<\/strong><strong><\/strong><\/td><td><strong>Property<\/strong><strong><\/strong><\/td><td><strong>Friendly Name<\/strong><strong><\/strong><\/td><td><strong>SAML Attribute Name<\/strong><strong><\/strong><\/td><td><strong>SAML Attribute NameFormat<\/strong><strong><\/strong><\/td><\/tr><tr><td>first_name<\/td><td>User Property<\/td><td>firstName<\/td><td>First Name<\/td><td>first_name<\/td><td>Basic<\/td><\/tr><tr><td>user_name<\/td><td>User Property<\/td><td>username<\/td><td>User Name<\/td><td>username<\/td><td>Basic<\/td><\/tr><tr><td>email<\/td><td>User Property<\/td><td>email<\/td><td>Email<\/td><td>email<\/td><td>Basic<\/td><\/tr><tr><td>user_permanent_id<\/td><td>User Attribute<\/td><td>uid<\/td><td>name_id<\/td><td>name_id<\/td><td>Basic<\/td><\/tr><tr><td>last_name<\/td><td>User Property<\/td><td>lastName<\/td><td>Last Name<\/td><td>last_name<\/td><td>Basic<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"381\" src=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-25-1024x381.png\" alt=\"\" class=\"wp-image-10125\" srcset=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-25-1024x381.png 1024w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-25-300x112.png 300w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-25-768x286.png 768w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-25.png 1096w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"367\" src=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-26-1024x367.png\" alt=\"\" class=\"wp-image-10126\" srcset=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-26-1024x367.png 1024w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-26-300x107.png 300w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-26-768x275.png 768w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-26.png 1097w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"359\" src=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-27-1024x359.png\" alt=\"\" class=\"wp-image-10127\" srcset=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-27-1024x359.png 1024w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-27-300x105.png 300w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-27-768x269.png 768w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-27.png 1092w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"361\" src=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-28-1024x361.png\" alt=\"\" class=\"wp-image-10128\" srcset=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-28-1024x361.png 1024w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-28-300x106.png 300w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-28-768x271.png 768w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-28.png 1088w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"365\" src=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-29-1024x365.png\" alt=\"\" class=\"wp-image-10129\" srcset=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-29-1024x365.png 1024w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-29-300x107.png 300w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-29-768x274.png 768w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-29.png 1095w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Navigate to Clients, select your client, click on Client Scopes Tab, and add your new scope (tower):<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"372\" src=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-30-1024x372.png\" alt=\"\" class=\"wp-image-10130\" srcset=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-30-1024x372.png 1024w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-30-300x109.png 300w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-30-768x279.png 768w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-30.png 1097w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Navigate to Users and create a test user. Click Save<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"390\" src=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-31-1024x390.png\" alt=\"\" class=\"wp-image-10131\" srcset=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-31-1024x390.png 1024w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-31-300x114.png 300w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-31-768x293.png 768w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-31.png 1094w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Click on Credentials Tab. Set Temporary to OFF and set the password.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"425\" src=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-32-1024x425.png\" alt=\"\" class=\"wp-image-10132\" srcset=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-32-1024x425.png 1024w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-32-300x125.png 300w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-32-768x319.png 768w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-32.png 1093w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Time to test. Log out from the Ansible Automation Controller<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"516\" src=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-33-1024x516.png\" alt=\"\" class=\"wp-image-10133\" srcset=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-33-1024x516.png 1024w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-33-300x151.png 300w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-33-768x387.png 768w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-33.png 1092w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Click on Sign in with SAML. You should be taken to the RH SSO\/Keycloak:<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"669\" src=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-34-1024x669.png\" alt=\"\" class=\"wp-image-10134\" srcset=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-34-1024x669.png 1024w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-34-300x196.png 300w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-34-768x502.png 768w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-34.png 1094w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Enter the user we created before in SSO and click Sign In. You should be logged into the Ansible Automation Controller<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"659\" src=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-35-1024x659.png\" alt=\"\" class=\"wp-image-10135\" srcset=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-35-1024x659.png 1024w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-35-300x193.png 300w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-35-768x494.png 768w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-35.png 1096w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"589\" src=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-36-1024x589.png\" alt=\"\" class=\"wp-image-10136\" srcset=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-36-1024x589.png 1024w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-36-300x173.png 300w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-36-768x442.png 768w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-36.png 1099w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Verify the Sessions in RH SSO. Navigate to RH SSO, find Sessions on the left and click on it. On the right side you should see Realm Sessions and the client\u2019s name, including the number of active sessions:<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"376\" src=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-37-1024x376.png\" alt=\"\" class=\"wp-image-10137\" srcset=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-37-1024x376.png 1024w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-37-300x110.png 300w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-37-768x282.png 768w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-37.png 1092w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Click on the client. You will be taken to Sessions Tab in Client\u2019s configuration page. If you cannot see your session(s), click on Show Sessions on the right side:<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"233\" src=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-38-1024x233.png\" alt=\"\" class=\"wp-image-10138\" srcset=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-38-1024x233.png 1024w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-38-300x68.png 300w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-38-768x175.png 768w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/05\/image-38.png 1091w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>This concludes the tutorial<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Follow this step-by-step guide on how to configure Single Sign on for Ansible Automation and Red Hat Single Sing on or Keycloak. <\/p>\n","protected":false},"author":67,"featured_media":10140,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[19],"tags":[],"class_list":["post-10104","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-modern-workplace","entry"],"_links":{"self":[{"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/posts\/10104","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/users\/67"}],"replies":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/comments?post=10104"}],"version-history":[{"count":3,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/posts\/10104\/revisions"}],"predecessor-version":[{"id":10471,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/posts\/10104\/revisions\/10471"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/media\/10140"}],"wp:attachment":[{"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/media?parent=10104"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/categories?post=10104"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/tags?post=10104"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}