Connect to SSO Agent

SSO Agent authentication

To use SSO, the Geneos administrator needs to enable SSO logins for each Gateway and to ensure that at least one instance of the Geneos SSO Agent is running.

Configure Active Console for SSO

To use SSO login authentication in Active Console

  1. Open Active Console on the operating system platform on your machine.
  2. Go to Workspace > Advanced settings. See Advanced settings in Workspace Settings.
  3. Enter the agent's URL in the SSO Agent URL field.
  4. Click Save to apply the changes.
  5. Click SSO Login on the toolbar.

    Note: Specify the correct protocol to use between HTTP or HTTPS, host name, and port number.

Set up one or more Gateway connections to use the SSO Logon method, either individually or through the workspace logon setting. For more information, see Log on to Gateway in Gateways Dockable and Workspace Settings in Workspace Settings.

Note: Versions of Active Console before version 4.3 cannot process a configuration that references an unknown login method. If these encounter references to the SSO logon method, these fail to load any connection details at all. If your workspace file specifies SSO as the workspace logon type or if it specifies SSO as the logon method for any connection, you cannot use it with an older version of Active Console. Additionally, a remote connection file which specifies LM_SSO as the logon method for any connection cannot be used with an older version of Active Console.

The Active Console supports SSO Agent connections with Kerberos, and negotiates authentication on macOS and Ubuntu. For more information, see Configure Kerberos authentication in SSO Agent User Guide.

If an error occurs when connecting to SSO Agent in the Active Console on macOS or Ubuntu:

  1. Check that the values in the krb5.conf file are valid. This is located in the installation folder /resources/configuration of your application.
  2. Open Active Console and follow the same steps when connecting to SSO Agent.

This is an example configuration of krb5.conf file:

[libdefaults]
	default_realm = <user-domain>
	default_tkt_enctypes = aes128-cts rc4-hmac des3-cbc-sha1
des-cbc-md5 des-cbc-crc
	default_tgs_enctypes = aes128-cts rc4-hmac des3-cbc-sha1
des-cbc-md5 des-cbc-crc
	permitted_enctypes   = aes128-cts rc4-hmac des3-cbc-sha1
des-cbc-md5 des-cbc-crc
[realms]
	<user-domain> = {
		kdc = <active directory IP addres, example 192.168.10.2>
		default_domain = <user-domain>
}
[domain_realm]
	.<user-domain>= <user-domain>

Use the SSO login and logout button

If your Active Console is in the same NT domain as the SSO Agent, Active Console logs you in automatically, assuming that one or more Gateways are available and set up to use the SSO login method.

The SSO Login/Logout button, which appears in the toolbar area of the ActiveConsole 2, allows you to log in and out manually:

  • If you are logged in through SSO, the button is labelled SSO Logout. Clicking it logs you out and any SSO Gateways are displayed in grey, as if these are disabled.
  • If you are not logged in, the button is labelled SSO Login. Clicking it logs you in and establish connections to any SSO Gateways, other than those which have been explicitly disabled through the Connections settings dialog or by using the “Disconnect” menu action.
  • If the SSO Agent URL has not been configured, the button is disabled.