Previous page Previous page

Next page Next page

Locate page Locate page

Print this page

Single Sign-On Configuration: sso Utility

The sso utility serves to manage the SSO service which allows Parallels Plesk Panel to participate in single sign-on (SSO) - a specialized form of authentication that allows a user to enter login and password only once during a session of interaction with several Web applications. In our case, it is an interaction with Parallels applications, meaning that using SSO allows, for example, a person who has accounts in both Parallels Plesk Panel (except for mail account) and Web Presence Builder to log in to Parallels Plesk Panel and then to enter Web Presence Builder without providing any additional credentials, or vice versa. The service which manages applications and user accounts participating in SSO is called Identity Provider (IdP).

The sso utility also allows managing the SSO branding in Parallels Plesk Panel. The SSO branding service enables hiding a real URL in the browser address bar and, instead, displaying a branded URL - a URL which a server administrator sets for this domain. When speaking about Parallels Plesk Panel, the SSO branding means that if a domain administrator of a domain on which SSO branding is configured logs in to Parallels Plesk Panel, and then enters Web Presence Builder, he sees the branded IdP URL which is set for this domain by a Parallels Plesk Panel administrator. And if the SSO branding is disabled on a domain, a domain administrator during the SSO session sees the URL of IdP where Parallels Plesk Panel is registered, which we call default IdP.

 

For more information on SSO service in Parallels Plesk Panel, see Parallels Plesk Panel Administrator's Guide.

The sso utility allows performing the following operations:

Note: The utility is available since Parallels Plesk Panel 8.3.

 

Usage

sso <command> [
<option_1> <param>
[<option_2> <param>]
]

 

Example

The following command retrieves information about the SSO service configuration and current state:

# ./sso --get-prefs

 

Commands

Command

Parameter

Description

Example

--enable or -e

 

Enables SSO authentication mode in Parallels Plesk Panel.

# ./sso --enable

--disable or -d

 

Disables SSO authentication mode in Parallels Plesk Panel.

# ./sso --disable

--set-prefs or -s

 

Configures SSO service.

Requires -server option.

To make Parallels Plesk Panel get involved in SSO managed by server available at https://idp-master.example.com:

# ./sso --set-prefs -server https://idp-master.example.com

--get-prefs or -g

 

Retrieves SSO service configuration and current state.

# ./sso --get-prefs

--set-branded-idp

 

Sets a branded IdP URL for a specified domain.

Requires -url option.

To set branded IdP URL for the domain example.com to https://idp.example.com:

# ./sso --set-branded-idp -url https://idp.example.com -domain example.com

Sets a default IdP URL.

Use no -domain option.

Requires -url option.

To set default IdP URL of Plesk to https://idp.sample.com:

# ./sso --set-branded-idp -url https://idp.sample.com

--get-branded-idp

 

Gets a branded IdP URL of a specified domain, or a table of domains with associated IdP URLs for all domains if no domain is specified.

To get branded IdP URL for the domain example.com:

# ./sso --get-branded-idp -domain example.com

To get a table of domains with associated IdP URLs for all domains

# ./sso --get-branded-idp

--del-branded-idp

 

Removes a branded IdP URL and sts a default IdP URL for a specified domain.

To remove a branded IdP URL and set a default IdP URL for the domain example.com:

# ./sso --del-branded-idp -domain example.com

Removes all branded IdP URLs and sets default IdP URL for all domains.

Use no -domain and -url options.

To remove all branded URLs and to set the default IdP URL for all domains:

# ./sso --del-branded-idp

Resets default IdP URL of Parallels Plesk Panel to IdP URL which was set during SSO service registration.

To change the default IdP URL of Parallels Plesk Panel https://idp.example.com to IdP URL which was set during SSO service registration:

# ./sso --del-branded-idp -url https://idp.example.com

--help or -h

 

Displays help on the utility usage.

# ./sso --help

 

Note: When turning SSO on a Parallels Plesk Panel server for the very first time, configure SSO service first, using the --set-prefs command, and only after that run the --enable command, otherwise enabling the service will fail.

 

Options

Option

Parameter

Description

Example

-server *

<URL>

Specifies the URL of IdP on which Parallels Plesk Panel is to be registered.

Used with the --set-prefs only.

* - See the Note below.

To make Parallels Plesk Panel get involved in SSO managed by server available at https://idp-master.example.com:

# ./sso --set-prefs -server https://idp-master.example.com

-url *

<URL>

Specifies branded IdP URL or default IdP URL for Parallels Plesk Panel.

Required with --set-branded-idp.

* - See the Note below.

To remove branded IdP URL https://idp.example.com and to set a default IdP URL of the domain example.com:

# ./sso --del-branded-idp -url https://idp.example.com -domain example.com

-domain

<domain_name>

Specifies a domain.

To get branded IdP URL of the domain example.com:

# ./sso --get-branded-idp -domain example.com

 

Note: When specifying branded IdP or default IdP URL, use fully qualified domain name (no localhost) or IP address (no internal IP address of a local network) which is correctly resolved.

 

Please send us your feedback on this help page.