Authenticating
Oracle Linux Automation Manager uses a certificate authority (CA) certificate with NGINX and Oauth2 for token based authentication to enable clients to connect securely to the server. Tokens are easily revoked and are best suited to third party tooling integration.
Note:
The Oracle Linux Automation Manager Installation Guide document provides
instructions for setting up your server with a self-signed certificate, however,
Oracle recommends that you use a signed certificate to ensure your server is secure.
If you use the self-signed certificate, then append -k to all
Oracle Linux Automation Manager REST API curl or CLI requests to indicate that the
request is insecure.
To setup an Oauth2 token for a user, do the following:
- Open a terminal on your Oracle Linux Automation Manager server.
- Run the following commands:
sudo su -l awx -s /bin/bash awx-manage create_oauth2_token --user=<username>
In the previous example, <username> is the user name of the account for which you want to create a token. - The command generates a token that you must note down in a secure way so that you
can use it when running cURL or CLI commands. For example, the following token is
generated using the create_oauth2_token command:
JWjb1AyOJOWi4yPBYWC7NQofdNSjAM
To revoke all Oauth2 token for a user, do the following:
- Open a terminal on your Oracle Linux Automation Manager server.
- Run the following commands:
sudo su -l awx -s /bin/bash awx-manage revoke_oauth2_tokens --user=<username>
In the previous example, <username> is the user name of the account for which you want to revoke all tokens. The command lists all revoked tokens for the user. For example, the following tokens are revoked when using the revoke_token2_tokens command:revoked OAuth2AccessToken aeOy7IWqlt19Kc8Fu1IElsj2w6rCOz revoked OAuth2AccessToken JWjb1AyOJOWi4yPBYWC7NQofdNSjAM