sso.exe: Single Sign-On Configuration

The sso.exe utility manages the SSO service, which allows Plesk to participate in single sign-on (SSO): a specialized form of authentication that allows a user to enter a login and password only once during a session of interaction with several Web applications. In our case, it is an interaction with Plesk applications. For example, a person who has accounts in both Plesk (except for a mail account) and Presence Builder can log in to Plesk and then enter Presence Builder without providing any additional credentials, or vice versa. The service that manages the applications and user accounts participating in SSO is called the Identity Provider (IdP).

The sso.exe utility also manages SSO branding in Plesk. The SSO branding service hides the real URL in the browser address bar and displays a branded URL instead: a URL that a server administrator sets for the domain. In Plesk, this means that if a domain administrator of a domain on which SSO branding is configured logs in to Plesk and then enters Presence Builder, they see the branded IdP URL set for this domain by a Plesk administrator. If SSO branding is disabled on a domain, the domain administrator sees, during the SSO session, the URL of the IdP where Plesk is registered, which we call the default IdP.

For more information on the SSO service in Plesk, see the Plesk Administrator's Guide.

The sso.exe utility allows performing the following operations:

  • Enabling/Disabling the SSO service on Plesk server
  • Configuring the SSO service (at the moment, this means specifying the Identity Provider)
  • Getting the SSO service configuration
  • Managing the SSO branding (setting, removing and getting branded IdP URLs)

Location

%plesk_cli%

Usage

sso.exe command [options]

Example

The following command retrieves information about the SSO service configuration and current state:

sso.exe --get-prefs

Commands

| Command | Parameter | Description | Example |
|---|---|---|---|
| --enable or -e | | Enables SSO authentication mode in Plesk. | sso.exe --enable |
| --disable or -d | | Disables SSO authentication mode in Plesk. | sso.exe --disable |
| --set-prefs or -s | | Configures SSO service. Requires -server option. | To make Plesk get involved in SSO managed by server available at https://idp-master.example.com: sso.exe --set-prefs -server https://idp-master.example.com |
| --get-prefs or -g | | Retrieves SSO service configuration and current state. | sso.exe --get-prefs |
| --set-branded-idp | | Sets a branded IdP URL for a specified domain. Requires -url option. | To set branded IdP URL for the domain example.com to https://idp.example.com: sso.exe --set-branded-idp -url https://idp.example.com -domain example.com |
| | | Sets a default IdP URL. Use no -domain option. Requires -url option. | To set default IdP URL of Plesk to https://idp.sample.com: sso.exe --set-branded-idp -url https://idp.sample.com |
| --get-branded-idp | | Gets a branded IdP URL of a specified domain, or a table of domains with associated IdP URLs for all domains if no domain is specified. | To get branded IdP URL for the domain example.com: sso.exe --get-branded-idp -domain example.com |
| | | | To get a table of domains with associated IdP URLs for all domains: sso.exe --get-branded-idp |
| --del-branded-idp | | Removes a branded IdP URL and sets a default IdP URL for a specified domain. | To remove the IdP URL and to set a default IdP URL for the domain example.com: sso.exe --del-branded-idp -domain example.com |
| | | Removes all branded IdP URLs and sets default IdP URL for all domains. Use no -domain and -url options. | To remove all branded URLs and to set the default IdP URL for all domains: sso.exe --del-branded-idp |
| | | Resets default IdP URL of Plesk to IdP URL which was set during SSO service registration. | To change the default IdP URL of Plesk https://idp.example.com to IdP URL which was set during SSO service registration: sso.exe --del-branded-idp -url https://idp.example.com |
| --help or -h | | Displays help on the utility usage. | sso.exe --help |

Note: When turning on SSO on a Plesk server for the very first time, configure the SSO service first using the --set-prefs command, and only then run the --enable command; otherwise, enabling the service will fail.

Options

| Option | Parameter | Description | Example |
|---|---|---|---|
| -server | <URL> | Specifies the URL of IdP on which Plesk is to be registered. Used with the --set-prefs only. See the Note below. | To make Plesk get involved in SSO managed by server available at https://idp-master.example.com: sso.exe --set-prefs -server https://idp-master.example.com |
| -url | <URL> | Specifies branded IdP URL or default IdP URL for Plesk. Required with --set-branded-idp. See the Note below. | To remove branded IdP URL https://idp.example.com and to set a default IdP URL of the domain example.com: sso.exe --del-branded-idp -url https://idp.example.com -domain example.com |
| -domain | <domain name> | Specifies a domain. | To get branded IdP URL of the domain example.com: sso.exe --get-branded-idp -domain example.com |

Note: When specifying a branded IdP URL or the default IdP URL, use a fully qualified domain name (not localhost) or an IP address (not an internal IP address of a local network) that resolves correctly.
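
The two Notes on this page (run --set-prefs before --enable on first setup; use a resolvable fully qualified domain name or a non-internal IP address) can be enforced by a wrapper script. The PowerShell below is an added example, not part of the Plesk documentation or product. The Test-IdpUrl function, the HTTPS requirement, and the reliance on sso.exe returning a non-zero exit code on failure are assumptions of this example.

```powershell
# Added example, not Plesk's own code: validate the IdP URL per the Notes,
# then run --set-prefs before --enable.
param([string]$IdpUrl = 'https://idp-master.example.com')  # sample URL from this page

function Test-IdpUrl {
    # Returns $null when the URL is acceptable, otherwise the reason for rejecting it.
    param([Parameter(Mandatory)][string]$Url)

    $uri = $null
    if (-not [Uri]::TryCreate($Url, [UriKind]::Absolute, [ref]$uri)) { return 'not an absolute URL' }
    # Assumption of this example, not a documented sso.exe rule: insist on HTTPS.
    if ($uri.Scheme -ne 'https') { return 'scheme is not https' }

    $hostName = $uri.DnsSafeHost
    $ip = $null
    if ([System.Net.IPAddress]::TryParse($hostName, [ref]$ip)) {
        # Literal IP address: reject loopback and internal (private, link-local) ranges.
        $b = $ip.GetAddressBytes()
        if ([System.Net.IPAddress]::IsLoopback($ip)) { return 'loopback address' }
        if ($ip.AddressFamily -eq 'InterNetwork') {
            $internal = ($b[0] -eq 10) -or ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
                        ($b[0] -eq 192 -and $b[1] -eq 168) -or ($b[0] -eq 169 -and $b[1] -eq 254)
        } else {
            # IPv6 unique local fc00::/7 and link-local fe80::/10
            $internal = (($b[0] -band 0xFE) -eq 0xFC) -or ($b[0] -eq 0xFE -and ($b[1] -band 0xC0) -eq 0x80)
        }
        if ($internal) { return 'internal IP address' }
        return $null
    }
    # Host name: must be fully qualified (not localhost) and must resolve.
    if ($hostName -eq 'localhost' -or $hostName -notmatch '\.') { return 'host is not a fully qualified domain name' }
    try { $null = [System.Net.Dns]::GetHostAddresses($hostName) }
    catch { return 'host name does not resolve' }
    return $null
}

$reason = Test-IdpUrl -Url $IdpUrl
if ($reason) { throw "Refusing IdP URL '$IdpUrl': $reason" }

$sso = Join-Path $env:plesk_cli 'sso.exe'   # assumes %plesk_cli% is set in this session
# Assumption: sso.exe signals failure with a non-zero exit code.
& $sso --set-prefs -server $IdpUrl
if ($LASTEXITCODE -ne 0) { throw "sso.exe --set-prefs failed with exit code $LASTEXITCODE" }
& $sso --enable
if ($LASTEXITCODE -ne 0) { throw "sso.exe --enable failed with exit code $LASTEXITCODE" }
& $sso --get-prefs   # show the resulting configuration and state
```

The same Test-IdpUrl check applies to any value passed with -url to --set-branded-idp, since the Note covers both branded and default IdP URLs.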