If you connect to the Kaspersky Security Center Linux failover cluster by using domain authentication with SSO, specify the trusted installation parameter as follows: If you connect Kaspersky Security Center Web Console to Administration Server version 16 or later, domain authentication with single sign-on (SSO) provided by Identity and Access Manager (IAM) will be used. In this case, specify the trusted installation parameter as follows:
"trusted": {
"<Administration Server name>": {
"iamHost": "ksc-iam.example.com",
"iamOAuthPort": 4444,
"iamProxyPort": 9050,
"iamCertPath": "<shared data folder>/iam/main_certificate.pem",
"iamPATPath": "<shared data folder>/iam/initial_token.txt",
"kscPort": 13299,
"kscCertPath": "<shared data folder>/1093/cert/klserver.cer"
}
}
where:
<Administration Server name> is the Kaspersky Security Center Linux failover cluster name that will be displayed in the login window of Kaspersky Security Center Web Console.iamHost is the address of the device where Administration Server and IAM are installed. If you created a secondary network adapter when preparing the cluster nodes, use the FQDN or host name of the adapter as the Kaspersky Security Center Linux failover cluster address. Otherwise, specify the FQDN or host name of the third-party load balancer that you use.iamOAuthPort is the port that is used for exchanging authentication tokens over the OpenID Connect authentication protocol (default value is 4444). This port is used both for communication between Kaspersky Security Center Web Console Server and Administration Server, and between the browser (used with Kaspersky Security Center Web Console) and Administration Server.iamProxyPort is the port that is used for connecting Kaspersky Security Center Web Console Server to Administration Server (default value is 9050).iamCertPath is the path to the certificate of IAM. The IAM certificate is created automatically the first time you run Administration Server. The certificate is located on the device where Administration Server is installed. The default path to the certificate is: <shared data folder>/iam/main_certificate.pem. The certificate is located in the shared data storage of the Kaspersky Security Center Linux failover cluster. The self-signed IAM certificate is rotated automatically.iamPATPath is the path to the token used for registration of Kaspersky Security Center Web Console as an OAuth-client in IAM. This file is generated the first time you run Administration Server. The token is located on the device where Administration Server is installed. The default path to the token is: <shared data folder>/iam/initial_token.txt. The token is located in the shared data storage of the Kaspersky Security Center Linux failover cluster. The token is valid indefinitely and does not require rotation.kscPort is the OpenAPI port that Kaspersky Security Center Web Console use to connect to Administration Server (default value is 13299).kscCertPath is the Administration Server certificate that is located in the shared data storage of the Kaspersky Security Center Linux failover cluster. The default path to the certificate file is: <shared data folder>\1093\cert\klserver.cer. Copy the Administration Server certificate file (specified by kscCertPath), the IAM certificate file (specified by iamCertPath), and the token file (specified by iamPATPath) from the shared data storage to the device where you install Kaspersky Security Center Web Console. Specify the local path to the Administration Server certificate.
If you connect Kaspersky Security Center Web Console to Administration Server version 15.4 or earlier, authentication by specifying the name and password of the domain user or the internal user will be used. In this case, specify the trusted installation parameter as follows:
"trusted": {
"<Administration Server name>": {
"kscHost": "ksc.example.com",
"kscPort": 13299,
"kscCertPath": "<shared data folder>/1093/cert/klserver.cer"
}
}
where:
<Administration Server name> is the Kaspersky Security Center Linux failover cluster name that will be displayed in the login window of Kaspersky Security Center Web Console.kscHost is the Administration Server address (FQDN or host name). If you created a secondary network adapter when preparing the cluster nodes, use the address of the adapter as the Kaspersky Security Center Linux failover cluster address. Otherwise, specify the address of the third-party load balancer that you use.kscPort is the OpenAPI port that Kaspersky Security Center Web Console uses to connect to Administration Server (default value is 13299).kscCertPath is the Administration Server certificate that is located in the shared data storage of the Kaspersky Security Center Linux failover cluster. The default path to the certificate file is: <shared data folder>\1093\cert\klserver.cer. Copy the certificate file from the shared data storage to the device where you install Kaspersky Security Center Web Console. Specify the local path to the Administration Server certificate.