SSO Authentication

note：SSO Authentication is a feature of JumpServer Enterprise Edition

tip

• Integrate with the third-party system with SSO

1 Operation Process

• Update JumpServer config file to enable SSO.

vi /opt/jumpserver/config/config.txt

AUTH_SSO=True

• Save the modifications and restart JumpServer to apply the changes.

2 Usage

• Obtain any administrator token through API to create a password free access link for other users.

curl -X POST https://demo.jumpserver.org/api/v1/authentication/auth/ \
  -H 'Content-Type: application/json' \
  -d '{"username": "admin", "password": "xxxxxx"}'

{"token":"702ec7d22ea24a749140a00a98872e40", ...}

Token UsagePrivate Token Usage

curl -X POST https://demo.jumpserver.org/api/v1/authentication/sso/login-url/ \
  -H 'Content-Type: application/json' \
  -H "Authorization: Bearer 702ec7d22ea24a749140a00a98872e40" \
  -d '{"username": "zhangsan", "next": "/luna/"}'

curl -X POST https://demo.jumpserver.org/api/v1/authentication/sso/login-url/ \
  -H 'Content-Type: application/json' \
  -H "Authorization: Token 937b38011acf499eb474e2fecb424ab3" \
  -d '{"username": "zhangsan", "next": "/luna/"}'

Respons:
{
    "login_url": "http://demo.jumpserver.org/api/v1/authentication/sso/login/?authkey=779e97cc-cd05-41a7-a3c3-0320896ba309&next=%2Fluna%2F"
}
# Directly accessing this link, users can password free login to the Luna page using their identity without the need for a password.  
# set {"username": "zhangsan", "next": "/luna/"}  in user login page
# zhangsan is the username of JumpServer user list，You can configure according to your specific situation.