Configuring single sign-on

Introduction

The NSP supports single sign-on (SSO) access, as described in OAUTH2 user authentication. Multiple authentication sources of the same type or of different types are supported.

Configuring LDAPS or secure AD

TLS certificates for LDAPS communication must be copied to the /tls/ldap directory below the NSP installation directory.

Using LDAPS or AD requires a TLS certificate.

  • The LDAP server IP or hostname must be in the SAN field of the certificate.

  • The same IP or hostname must be used in the NSP configuration for that LDAP or AD server, which can be configured on Users and System Security in the NSP UI.
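
The SAN requirement above can be checked before the LDAP or AD server is configured in the NSP UI by reading the subjectAltName extension of each certificate in the tls/ldap directory. The following shell functions are an added example, not part of the NSP software or its documentation; they assume OpenSSL 1.1.1 or later, and the function names and the NSP_DIR variable are hypothetical.

```shell
# Added example (not NSP code): confirm that the host or IP configured for an
# LDAPS/AD server is listed in the SAN of a certificate. Needs OpenSSL 1.1.1+.

# san_entries CERT: print one SAN entry per line, e.g. "DNS:ldap.example.com".
san_entries() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' |
        sed -e 's/^ *//' -e 's/ *$//' |
        grep -E '^(DNS|IP Address):'
}

# san_has CERT NAME: succeed only if NAME is an exact DNS or IP SAN entry.
# The subject CN is deliberately ignored, and wildcards are not expanded,
# because the same literal value has to be entered in the NSP configuration.
san_has() {
    want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    san_entries "$1" | tr '[:upper:]' '[:lower:]' |
        grep -Fxq -e "dns:$want" -e "ip address:$want"
}

# check_ldaps_certs DIR NAME: report every file in DIR and succeed if at
# least one certificate lists NAME in its SAN.
check_ldaps_certs() {
    dir=$1
    name=$2
    status=1
    for cert in "$dir"/*; do
        [ -f "$cert" ] || continue
        if san_has "$cert" "$name"; then
            echo "OK   $cert: SAN contains $name"
            status=0
        else
            echo "MISS $cert: SAN is [$(san_entries "$cert" | paste -sd' ' -)]"
        fi
    done
    return "$status"
}

# Usage (NSP_DIR is a hypothetical variable for the NSP installation directory):
#   check_ldaps_certs "$NSP_DIR/tls/ldap" ldap.example.com
```

A MISS line prints the SAN entries the certificate does carry, which shows whether the certificate must be reissued or whether the NSP configuration should use one of the listed values instead.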

NSP SSO configuration parameters

To configure remote authentication sources and brute force settings, go to Users and System Security settings in the NSP UI.

You set parameters in nsp-config.yml to enable HSTS for secure web-browser access. Table 6-1, SSO parameters, NSP configuration file, lists and describes the configuration parameters in the sso subsection of the nsp section of the nsp-config.yml file.

Table 6-1: SSO parameters, NSP configuration file

| Section and parameters | Description |
|---|---|
| hsts | Whether to enable HSTS headers that tell client browsers to use only HTTPS and a valid CA certificate. Default: false |