The default location of sso.js is /usr/local/brs/lib/ecdm-ui/server/emc-login-server/server/.
The default location of sso-okta.js and sso-dpc.js is /usr/local/brs/lib/aaa/config/.
- Take a backup.
- cp /usr/local/brs/lib/ecdm-ui/server/emc-login-server/server/sso.js /usr/local/brs/lib/aaa/config/sso.js_19_9_ori
- Enable SSO with Okta.
- cp /usr/local/brs/lib/aaa/config/sso-okta.js /usr/local/brs/lib/ecdm-ui/server/emc-login-server/server/sso.js
- Disable SSO with Okta.
- cp /usr/local/brs/lib/aaa/config/sso-dpc.js /usr/local/brs/lib/ecdm-ui/server/emc-login-server/server/sso.js
- Do not overwrite sso.js, but back it up as sso.js_19_9_ori into the /usr/local/brs/lib/aaa/config/ folder, and then only sso-okta.js to sso.js *.
Any changes will require a UI restart.
Note: An sso.js must be updated in its own directory. Find the following files named sso-oka.js and sso-dpc.js. These files are located in /usr/local/brs/lib/aaa/config/.
Updating PowerProtect Data Manager application-sso.properties
The unique update required is /usr/local/brs/lib/aaa/config/application-sso.properties.
- # SSO OIDC token signature algorithm (JWA)
- Default value: HS256 aaa.sso.client.alg=RS256
- The application-sso.properties file is located in the /usr/local/brs/lib/aaa/config”folder.
- This file can be modified using vi in an ssh session. Admin operating system credentials are required.
- The SSO OIDC token signature algorithm default value is HS256. You must change the aaa.sso.client.alg value to RS256.
No other update is needed. Run aaa restart.
Figure 20. Updating application-sso.properties
Note: A unique role mapping is present in dp_admin, which is mapped to the PowerProtect Data Manager local admin. Other users can be added and mapped to other PowerProtect Data Manager local accounts.