Enable single sign-onEstimated reading time: 2 minutes
This topic applies to Docker Enterprise.
The Docker Enterprise platform business, including products, customers, and employees, has been acquired by Mirantis, inc., effective 13-November-2019. For more information on the acquisition and how it may affect you and your business, refer to the Docker Enterprise Customer FAQ.
Users are shared between UCP and DTR by default, but the applications have separate browser-based interfaces which require authentication.
To only authenticate once, you can configure DTR to have single sign-on (SSO) with UCP.
Note: After configuring single sign-on with DTR, users accessing DTR via
docker loginshould create an access token and use it to authenticate.
At install time
When installing DTR, pass
--dtr-external-url <url> to enable SSO. Specify the Fully Qualified Domain Name (FQDN) of your DTR, or a load balancer, to load-balance requests across multiple DTR replicas.
docker run --rm -it \ docker/dtr:2.7.6 install \ --dtr-external-url dtr.example.com \ --dtr-cert "$(cat cert.pem)" \ --dtr-ca "$(cat dtr_ca.pem)" \ --dtr-key "$(cat key.pem)" \ --ucp-url ucp.example.com \ --ucp-username admin \ --ucp-ca "$(cat ucp_ca.pem)"
This makes it so that when you access DTR’s web user interface, you are redirected to the UCP login page for authentication. Upon successfully logging in, you are then redirected to your specified DTR external URL during installation.
Web user interface
- Navigate to
https://<dtr-url>and log in with your credentials.
- Select System from the left navigation pane, and scroll down to Domain & Proxies.
- Update the Load balancer / Public Address field with the external URL where users should be redirected once they are logged in. Click Save to apply your changes.
- Toggle Single Sign-on to automatically redirect users to UCP for logging in.
Command line interface
You can also enable single sign-on from the command line by reconfiguring your DTR. To do so, run the following:
docker run --rm -it \ docker/dtr:2.7.6 reconfigure \ --dtr-external-url dtr.example.com \ --dtr-cert "$(cat cert.pem)" \ --dtr-ca "$(cat dtr_ca.pem)" \ --dtr-key "$(cat key.pem)" \ --ucp-url ucp.example.com \ --ucp-username admin \ --ucp-ca "$(cat ucp_ca.pem)"