In Foglight 188.8.131.52 release, we introduced two new authentication features: support for multiple LDAP/AD domains, and Auth-Token support.
In addition to single domain LDAP/AD authentication, we have added support for multiple-domain authentication. Though one domain covers most use cases, it sometimes becomes necessary for large enterprises to use multiple domains in their production environments. For example, merger and acquisition activity often introduces multiple domains that need to be incorporated within one organization. With this in mind, we have added support for multiple-domains authentication in Foglight 184.108.40.206.
The domains authentication will be done sequentially. User login will be success when any of domains' authentication passed. On the contrary, the user login will be failed if all login attempts fail.
Token-based authentication, aka Auth Token, is another feature added in this release. An Auth Token could be used in several cases, such as:
One digital token can only be associated with one Foglight user, and vice versa. There is role-level access control for the Auth Token generation and removal. The Foglight Administrator role can generate and remove the Auth Token for Foglight users. Non-administrative users can only manage their own user accounts through Foglight Command Line.
The Foglight administrators and the token-associated user account can reset or delete the Auth Token.
In the Details of <user> dashboard (Administration > Users & Security Management > User Management), the Foglight administrators can generate new digital tokens, update or delete existing tokens.
Alternatively, the Auth Token can also be managed through Foglight Command Line.
The Auth Token can be used for below integrations. Please refer to the Foglight help document and REST API document for more details.
./fglcmd.sh -srv <FMS IP> -port <FMS port> -authtoken < authToken > -cmd command
It is important to secure the Auth Token usage. Foglight administrators can take advantage of the relevant user roles to better manage the user access. The following two user roles are newly introduced in the Foglight 220.127.116.11 release for better security management:
Meanwhile, to protect the Auth Token, SSL connection for Foglight REST API and URL dashboard view is recommended.