Configuring single sign-on

Introduction

The NSP supports single sign-on, or SSO access, as described in OAUTH2 user authentication. Multiple authentication sources of the same or different type are supported.

Configuring LDAPS or secure AD

TLS certificates for LDAPS communication must be defined in nsp-config.yml.

nsp:
  deployment:
    tls:
      trustedCertificates: []

In the trustedCertificates field, enter the full path to the certificate file.

Example:

      trustedCertificates: ["/opt/certificates/ldap-server.pem"]

See “How do I update the NSP TLS certificate for remote authentication?” in the NSP System Administrator Guide for detailed instructions.
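
A pre-flight check for the trustedCertificates entries, as an added example that is not part of the NSP documentation or tooling: it confirms each entry is a full path to a file that OpenSSL can load as a trust anchor. It assumes PEM files (as the .pem name in the example suggests) and the inline list form shown above; the function names are this example's own.

```python
import os
import re
import ssl

# Inline list form used on the page: trustedCertificates: ["/a.pem", "/b.pem"]
_LIST_RE = re.compile(r"^\s*trustedCertificates:\s*\[(.*?)\]\s*$", re.M)


def trusted_cert_paths(config_text):
    """Return the paths in the first inline trustedCertificates list."""
    match = _LIST_RE.search(config_text)
    if not match:
        return []
    items = (item.strip().strip("\"'") for item in match.group(1).split(","))
    return [item for item in items if item]


def check_trusted_cert(path):
    """Return a list of problems; an empty list means OpenSSL can load the file."""
    if not os.path.isabs(path):
        return ["not a full path"]
    if not os.path.isfile(path):
        return ["file not found"]
    with open(path, "r", errors="replace") as handle:
        text = handle.read()
    problems = []
    if "PRIVATE KEY-----" in text:
        # A trust file should carry certificates only, never key material.
        problems.append("contains a private key")
    if "-----BEGIN CERTIFICATE-----" not in text:
        problems.append("no PEM certificate block")
        return problems
    try:
        # Same parse a TLS client performs when it loads trust anchors.
        ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT).load_verify_locations(cafile=path)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        problems.append(f"OpenSSL cannot parse it: {exc}")
    return problems


if __name__ == "__main__":
    # Constructed sample; on a real system read the deployed nsp-config.yml instead.
    sample = 'nsp:\n  deployment:\n    tls:\n      trustedCertificates: ["/opt/certificates/ldap-server.pem"]\n'
    for cert_path in trusted_cert_paths(sample):
        print(cert_path, check_trusted_cert(cert_path) or "OK")
```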

NSP SSO configuration parameters

To configure remote authentication sources and brute force settings, go to Users and System Security settings in the NSP UI.

You set parameters in nsp-config.yml to enable HSTS for secure web-browser access. Table 6-1, “SSO parameters, NSP configuration file”, lists and describes the configuration parameters in the sso subsection of the nsp section of the nsp-config.yml file.

Table 6-1: SSO parameters, NSP configuration file

| Section and parameters | Description |
|---|---|
| hsts | Whether to enable HSTS headers that tell client browsers to use only HTTPS and a valid CA certificate. Default: false |