Integration with CERB server¶
CERB is complete user authorization solution which supports a number of authorization mechanisms (i.e. mobile token, onetime passwords, etc.). The following procedure describes configuration steps required to enable Fudo PAM to verify users credentials using CERB server.
CERB server configuration
- Adding RADIUS client.
- Select RADIUS clients > Add client to add Fudo PAM as a RADIUS client.
- Provide Fudo PAM IP address, client’s name and password and click Save.
Note
Password will be required to define external authorization server in Fudo PAM administration panel.
- Adding user group.
- Select Groups > Add group to define Fudo PAM users who will be authorized by the CERB server.
- Enter group’s name (
fudo_users
) and click Save.
- Adding user.
- Select Users > Add user to open new user definition window.
- Provide user name, description and select desired authorization module (refer to CERB server documentation form more information on authorization modules).
Note
Username is used to authenticate users on Fudo PAM.
- Assign user to previously created
fudo_users
group and click Save.
- Configuring service.
- Select Services > Add service to open new service definition window.
- Provide name identifying authorization service (
cerb_fudo
) and service description. - Add
fudo_users
group to service and click Add.
|product_name| server configuration
- Adding CERB external authorization server.
- Select > .
- Click to add CERB server definition.
- Provide CERB server IP address, secret and service name identifying authorization service.
Note
Secret must match the RADIUS client password on CERB server. Service name must match the service name on CERB
- Click .
- Adding user.
- Select > .
- Click .
- Provide basic user information.
Note
Username must match the user name defined on CERB server.
- Add safes that the user will be able to access.
- In the Authentication section, select External authentication from the Type drop-down list and select previously created Cerb server from the External authentication source drop-down list.
- Click .
Related topics: