Integration with CERB server

CERB is complete user authorization solution which supports a number of authorization mechanisms (i.e. mobile token, onetime passwords, etc.). The following procedure describes configuration steps required to enable Fudo PAM to verify users credentials using CERB server.

CERB server configuration

  1. Adding RADIUS client.
  • Select RADIUS clients > Add client to add Fudo PAM as a RADIUS client.
../../_images/CERB_client_1.png
  • Provide Fudo PAM IP address, client’s name and password and click Save.
../../_images/CERB_client_2.png

Note

Password will be required to define external authorization server in Fudo PAM administration panel.

  1. Adding user group.
  • Select Groups > Add group to define Fudo PAM users who will be authorized by the CERB server.
../../_images/CERB_group_1.png
  • Enter group’s name (fudo_users) and click Save.
../../_images/CERB_group_2.png
  1. Adding user.
  • Select Users > Add user to open new user definition window.
../../_images/CERB_user_1.png
  • Provide user name, description and select desired authorization module (refer to CERB server documentation form more information on authorization modules).
../../_images/CERB_user_2.png

Note

Username is used to authenticate users on Fudo PAM.

  • Assign user to previously created fudo_users group and click Save.
../../_images/CERB_user_3.png
  1. Configuring service.
  • Select Services > Add service to open new service definition window.
../../_images/CERB_service_1.png
  • Provide name identifying authorization service (cerb_fudo) and service description.
  • Add fudo_users group to service and click Add.
../../_images/CERB_service_2.png

|product_name| server configuration

  1. Adding CERB external authorization server.
  • Select Settings > External authentication.
  • Click Add external authentication source to add CERB server definition.
../../_images/cerb_integration_fudo_add_auth.png
  • Provide CERB server IP address, secret and service name identifying authorization service.

Note

Secret must match the RADIUS client password on CERB server. Service name must match the service name on CERB

../../_images/cerb_integration_fudo_define_auth.png
  • Click Save.
  1. Adding user.
  • Select Management > Users.
  • Click Add.
../../_images/cerb_integration_fudo_add_user.png
  • Provide basic user information.

Note

Username must match the user name defined on CERB server.

../../_images/fudo_users_general.png
  • Add safes that the user will be able to access.
../../_images/fudo_users_safe.png
  • In the Authentication section, select External authentication from the Type drop-down list and select previously created Cerb server from the External authentication source drop-down list.
../../_images/fudo_users_authentication.png
  • Click Save.

Related topics: