Introduce single sign-on in DTR (#85)

2017-06-19 17:26:09 -07:00 · 2017-06-19 17:26:09 -07:00 · 2ab4f02991
parent f5f1bb7204
commit 2ab4f02991
4 changed files with 45 additions and 1 deletions
--- a/_data/toc.yaml
+++ b/_data/toc.yaml
@ -1748,6 +1748,8 @@ manuals:
          title: License your installation
        - path: /datacenter/dtr/2.3/guides/admin/configure/use-your-own-tls-certificates/
          title: Use your own TLS certificates
+        - path: /datacenter/dtr/2.3/guides/admin/configure/enable-single-sign-on/
+          title: Enable single sign-on
        - sectiontitle: External storage
          section:
          - path: /datacenter/dtr/2.3/guides/admin/configure/external-storage/
--- a/datacenter/dtr/2.3/guides/admin/configure/enable-single-sign-on.md
+++ b/datacenter/dtr/2.3/guides/admin/configure/enable-single-sign-on.md
@ -0,0 +1,42 @@
+---
+title: Enable single sign-on
+description: Learn how to set up single sign-on between UCP and DTR, so that your users only have to authenticate once
+keywords: dtr, login, sso
+---
+
+By default, users are shared between UCP and DTR, but you have to authenticate
+separately on the web UI of both applications.
+
+You can configure DTR to have single sign-on (SSO) with UCP, so that users only
+have to authenticate once.
+
+## At installation time
+
+When installing DTR, use the `docker/dtr install --dtr-external-url <url>`
+option to enable SSO. When accessing the DTR web UI, users are redirected to the
+UCP login page, and once they are authenticated, they're redirected to the URL
+you provided to `--dtr-external-url`.
+
+Use the domain name of DTR, or the domain name of a load balancer, if you're
+using one, to load-balance requests across multiple DTR replicas.
+
+## After install
+
+In your browser, navigate to the DTR web UI, and choose **Settings**. In the
+**General** tab, scroll to **Domain & proxies**.
+
+Update the **Load balancer / public address** field to the url where users
+should be redirected once they are logged in.
+Use the domain name of DTR, or the domain name of a load balancer, if you're
+using one, to load-balance requests across multiple DTR replicas.
+
+Then enable **Use single sign-on**.
+
+![](../../images/enable-sso-1.png){: .with-border}
+
+Once you save, users are redirected to UCP for logging in, and redirected back to
+DTR once they are authenticated.
+
+## Where to go next
+
+* [Use your own TLS certificates](use-your-own-tls-certificates.md)
--- a/datacenter/dtr/2.3/guides/admin/configure/license-your-installation.md
+++ b/datacenter/dtr/2.3/guides/admin/configure/license-your-installation.md
@ -36,4 +36,4 @@ Click the **Apply new license** button, and upload your new license file.

 ## Where to go next

-* [Use your own TLS certificates](use-your-own-tls-certificates.md)
+* [Enable single sign-on](enable-single-sign-on.md)
--- a/datacenter/dtr/2.3/guides/images/enable-sso-1.png
+++ b/datacenter/dtr/2.3/guides/images/enable-sso-1.png