---
sidebar_position: 1
sidebar_label: 'ssl'
---

# Secure Sockets Layer/Transport Layer Security

Each realm has an SSL Mode associated with it. The SSL Mode defines the SSL/HTTPS requirements for interacting with the realm. Browsers and applications that interact with the realm must honor the SSL/HTTPS requirements defined by the SSL Mode or they will not be allowed to interact with the server.

## Video Tutorial

import videojs from 'video.js';

<video id="my-video" class="vjs-fill vjs-default-skin" controls preload="auto" width="100%" height="100%" poster="/img/user-guide/ssl-mode.png" >
<source src="/videos/user-guide/admin/admin-login.webm" type="video/webm"/>
</video>

## Reference instructions

Please follow the instructions below:

### SSL Mode
NPIS-IAM generates a self-signed certificate, which unfortunately isn't secure and should only be used for testing purposes. Install a CA-signed certificate in NPIS-IAM itself or on a reverse proxy in front of NPIS-IAM instead. The NPIS admin is advised to procure a **wildcard** certificate for the domain npis.go.ug from a credible certificate authority.

To configure the SSL Mode of a created or existing realm, the admin needs to click on the Realm Settings left menu item and go to the Login tab.
The **Require SSL** option allows you to pick the SSL Mode you want. Here is an explanation of each mode:

* external requests
  - Users can interact with NPIS-IAM without SSL so long as they stick to private IP addresses like localhost, 127.0.0.1, 10.x.x.x, 192.168.x.x, and 172.16.x.x. Any attempt to access NPIS-IAM without SSL from a non-private IP address results in an error.
* none
  - NPIS-IAM does not require SSL. This should really only be used in testing.
* all requests
  - NPIS-IAM requires SSL for all IP addresses.
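The three modes above can be modelled as a small decision function, which is useful for checking what a given Require SSL setting would refuse before changing a realm. This is an added example, not NPIS-IAM code: the function names and sample requests are constructed, and each "x" in the listed ranges is assumed to be a whole-octet wildcard.

```python
import ipaddress

# Addresses the page lists as private for the "external requests" mode.
# Assumption: "x" is a whole-octet wildcard, so 172.16.x.x is read as 172.16.0.0/16.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("127.0.0.1/32", "10.0.0.0/8", "192.168.0.0/16", "172.16.0.0/16")]

MODES = ("external requests", "none", "all requests")


def is_private(client: str) -> bool:
    """True if the client is 'localhost' or falls in one of the listed ranges."""
    if client == "localhost":
        return True
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False  # unparseable source address: treat as external (fail closed)
    return any(addr in net for net in PRIVATE_NETS)


def request_allowed(mode: str, client: str, https: bool) -> bool:
    """Model of the Require SSL decision for one request (hypothetical helper)."""
    if mode not in MODES:
        raise ValueError(f"unknown SSL mode: {mode!r}")
    if https or mode == "none":
        return True            # HTTPS always passes; "none" never demands it
    if mode == "all requests":
        return False           # plain HTTP refused from every address
    return is_private(client)  # "external requests": plain HTTP only from private addresses


# Constructed sample requests: (client address, arrived over HTTPS?)
SAMPLE = [("127.0.0.1", False), ("10.20.30.40", False), ("192.168.1.7", False),
          ("203.0.113.9", False), ("203.0.113.9", True)]


def rejected(mode: str) -> list:
    """Sample requests that the given mode would refuse."""
    return [(c, s) for c, s in SAMPLE if not request_allowed(mode, c, s)]


if __name__ == "__main__":
    for mode in MODES:
        print(f"{mode:18} rejects {rejected(mode)}")
```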