Temporarily disabling and reenabling single sign-on for one Admin Node
You might not be able to sign in to the Grid Manager if the single sign-on (SSO) system goes down. In this case, you can temporarily disable and reenable SSO for one Admin Node. To disable and then reenable SSO, you must access the node's command shell.
-
You must have specific access permissions.
-
You must have the
Passwords.txt
file. -
You must know the password for the local root user.
After you disable SSO for one Admin Node, you can sign in to the Grid Manager as the local root user. To secure your StorageGRID system, you must use the node's command shell to reenable SSO on the Admin Node as soon as you sign out.
Disabling SSO for one Admin Node does not affect the SSO settings for any other Admin Nodes in the grid. The Enable SSO check box on the Single Sign-on page in the Grid Manager remains selected, and all existing SSO settings are maintained unless you update them. |
-
Log in to an Admin Node:
-
Enter the following command:
ssh admin@Admin_Node_IP
-
Enter the password listed in the
Passwords.txt
file. -
Enter the following command to switch to root:
su -
-
Enter the password listed in the
Passwords.txt
file.When you are logged in as root, the prompt changes from
$
to#
.
-
-
Run the following command:
disable-saml
A message indicates that the command applies to this Admin Node only.
-
Confirm that you want to disable SSO.
A message indicates that single sign-on is disabled on the node.
-
From a web browser, access the Grid Manager on the same Admin Node.
The Grid Manager sign-in page is now displayed because SSO has been disabled.
-
Sign in with the username root and the local root user's password.
-
If you disabled SSO temporarily because you needed to correct the SSO configuration:
-
Select Configuration > Access Control > Single Sign-on.
-
Change the incorrect or out-of-date SSO settings.
-
Click Save.
Clicking Save from the Single Sign-on page automatically reenables SSO for the entire grid.
-
-
If you disabled SSO temporarily because you needed to access the Grid Manager for some other reason:
-
Perform whatever task or tasks you need to perform.
-
Click Sign Out, and close the Grid Manager.
-
Reenable SSO on the Admin Node. You can perform either of the following steps:
-
Run the following command:
enable-saml
A message indicates that the command applies to this Admin Node only.
Confirm that you want to enable SSO.
A message indicates that single sign-on is enabled on the node.
-
Reboot the grid node:
reboot
-
-
-
From a web browser, access the Grid Manager from the same Admin Node.
-
Confirm that the StorageGRID Sign in page appears and that you must enter your SSO credentials to access the Grid Manager.