Establish a Single Sign-On Connection between Kyvos and Kyvos Reporting
After deploying the Kyvos Reporting Service node, if Kyvos and Kyvos Reporting are running in a secured (HTTPS/TLS) mode, you need to establish an SSO connection in the Kyvos Reporting Portal.
Before establishing an SSO connection, ensure the following:
The certificate must be in the .cer or .crt format. If the certificate is in the .jks format, you must export it into the .cer or .crt format.
Import the Kyvos certificate to the Kyvos Reporting cert. Similarly, the Kyvos Reporting certificate will be imported to the Kyvos cert.
If you use self-signed certificates, ensure that the CN name of the certificate is the same as the certificate name and Alias.
Before exporting the certificate, ensure that the names of both certificates (Kyvos and Kyvos Reporting) are different.
Exporting the certificate details
To export the certificate details, do one of the following:
Using Web Browser
Open a web browser and type the Kyvos or Kyvos Reporting URL in the address bar of the web browser.
Kyvos: https://<ip/hostname>:port/kyvos
Kyvos Reporting: https://<ip/hostname>:port/kyvosreporting
Depending on your browser, you can usually access certificate details by clicking the padlock icon next to the website's URL in the address bar. This icon typically indicates that the connection is secure.
Right-click the padlock icon, or open the browser's security settings, and look for an option such as View Certificate or Certificate information.
Here's an example image to help you open certificates on Google Chrome or Microsoft Edge. If you're using a different web browser, you can search for instructions.
[Images: opening the certificate in Google Chrome and in Microsoft Edge]
Using Terminal (Kyvos and Kyvos Reporting)
Go to the terminal and execute the keytool command. The certificate will be exported.
The keytool is placed at:
Kyvos: /data/kyvos/app/kyvos/jre/jre/bin
Kyvos Reporting: /data/kyvos/app/KyvosReporting/jre/bin
To check the alias stored in the .jks file, execute the keytool -list -v -keystore your_keystore.jks command.
Execute the keytool -export -alias your_alias -file certificate.cer -keystore your_keystore.jks command to export the certificate from the .jks file to a file in X.509 certificate format (usually with a .cer or .crt extension). Replace your_alias with the alias of the certificate entry in your keystore, and your_keystore.jks with the path to your .jks file.
Importing certificate details
After exporting the certificate into .cer or .crt format, you need to import the Kyvos certificate into the Kyvos Reporting JRE. Similarly, the Kyvos Reporting certificate must be imported into the Kyvos JRE. To do this, perform the following steps.
To import the Kyvos Reporting certificate into the JRE of Kyvos:
Navigate to the ../kyvos/app/kyvos/jre_latest/lib/security directory under the location where Kyvos is installed, and place the generated certificate in the security folder.
Execute the keytool -import -v -trustcacerts -alias your_aliasname -file your_certificatename.cer/crt -keystore cacerts command to import the certificate.
To import the Kyvos certificate into the JRE of Kyvos Reporting:
Navigate to the ../kyvos/app/KyvosReporting/jre/lib/security directory under the location where Kyvos is installed, and place the generated certificate in the security folder.
Execute the keytool -import -v -trustcacerts -alias your_aliasname -file your_certificatename.cer/crt -keystore cacerts command to import the certificate.
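Importing a certificate into cacerts makes that JRE trust it, so it is worth confirming that the .cer/.crt file is the one exported from the other node before running the import. The following is an added example, not part of the Kyvos documentation: the function names are hypothetical, and the expected SHA-256 fingerprint is assumed to have been read on the node that owns the keystore (for example from the keytool -list -v output).

```shell
#!/bin/sh
# Added example (not Kyvos code): verify a certificate's SHA-256 fingerprint
# before importing it into a JRE trust store. Function names are hypothetical.

# Normalize a fingerprint: drop colons and whitespace, upper-case the hex.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Return 0 only if both values are the same 64-hex-digit SHA-256 fingerprint.
fp_match() {
    a=$(normalize_fp "$1")
    b=$(normalize_fp "$2")
    case "$a" in *[!0-9A-F]*|'') return 1 ;; esac
    [ "${#a}" -eq 64 ] && [ "$a" = "$b" ]
}

# Read `keytool -printcert` output on stdin and print its SHA256 fingerprint.
extract_sha256() {
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# import_verified <cert file> <alias> <cacerts path> <expected fingerprint>
# Refuses to import when the file's fingerprint differs from the expected one.
import_verified() {
    actual=$(keytool -printcert -file "$1" | extract_sha256)
    if ! fp_match "$actual" "$4"; then
        echo "fingerprint mismatch for $1: got '$actual'" >&2
        return 1
    fi
    # Same import command as in the steps above; keytool prompts for the
    # keystore password and for confirmation.
    keytool -import -v -trustcacerts -alias "$2" -file "$1" -keystore "$3"
}
```

Run import_verified from the security directory with the alias and file name used in the steps above; a mismatch leaves cacerts untouched.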
Verify that the Kyvos and Kyvos Reporting certificate domain.
If Kyvos and Kyvos Reporting are using the same certificate to run the URL in HTTPS mode, after importing the certificates on both the nodes where Kyvos Reporting and Kyvos are running, you must map the host name and IP in the hosts file at the /etc/hosts location. Ensure that you log in as the root user.
On Kyvos Reporting node: Kyvos node IP and host name
On Kyvos node: Kyvos Reporting node IP and host name
For example, if
IP: 127.0.0.1
Hostname: xyz
then entry in the hosts file should be 127.0.0.1 xyz
If Kyvos and Kyvos Reporting are using different certificates to run the URL in HTTPS mode, after importing the certificates on both the nodes where Kyvos Reporting and Kyvos are running, you must map the host name, IP address, and certificate name in the hosts file at the /etc/hosts location. Ensure that you log in as the root user.
On Kyvos Reporting node: Kyvos node IP, host name, and certificate name
On Kyvos node: Kyvos Reporting node IP, host name, and certificate name
For example, if
IP: 127.0.0.1
Hostname: xyz
Certificate name: certificatename (without extension)
then entry in the hosts file should be 127.0.0.1 xyz certificatename
Log in to Kyvos Manager.
In the navigation pane, click Kyvos and Ecosystem > Kyvos Properties.
On the Kyvos Properties page, in the Globals.properties section, search for the REPORTING_PORTAL_URL property and provide the Kyvos Reporting HTTPS URL:
If Kyvos and Kyvos Reporting are using the same certificates to run the URL in HTTPS mode, enter:
REPORTING_PORTAL_URL - https://<machine hostname>:port/kyvosreporting
If Kyvos and Kyvos Reporting are using different certificates to run the URL in HTTPS mode, enter:
REPORTING_PORTAL_URL - https://<certificate name>:port/kyvosreporting
Save the configuration and restart Kyvos Web Portal.
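The name used in REPORTING_PORTAL_URL (machine host name or certificate name) has to be one of the names mapped in the hosts file, and it has to point at the intended node. The following added example, which is not part of the Kyvos documentation, checks that relationship; the function names are hypothetical and the expected IP is whatever address you recorded for the other node.

```shell
#!/bin/sh
# Added example (not Kyvos code): confirm that the host name in
# REPORTING_PORTAL_URL is mapped in the hosts file to the expected node IP.
# Function names are hypothetical.

# Print the host part of a URL (scheme, port and path stripped).
url_host() {
    h=${1#*://}
    h=${h%%/*}
    printf '%s\n' "${h%%:*}"
}

# hosts_lookup <hosts file> <name>
# Print the IP of the first entry that lists <name> as host name or alias.
# Comments are ignored and the name comparison is case-insensitive.
hosts_lookup() {
    awk -v want="$2" '
        { sub(/#.*/, "") }
        {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(want)) { print $1; exit }
        }
    ' "$1"
}

# check_portal_url <hosts file> <REPORTING_PORTAL_URL value> <expected IP>
# Returns 0 only when the URL host is present and maps to the expected IP.
check_portal_url() {
    name=$(url_host "$2")
    ip=$(hosts_lookup "$1" "$name")
    if [ -z "$ip" ]; then
        echo "no hosts entry for '$name'" >&2
        return 1
    fi
    if [ "$ip" != "$3" ]; then
        echo "'$name' maps to $ip, expected $3" >&2
        return 1
    fi
}
```

For example, check_portal_url /etc/hosts with the configured URL and the Kyvos Reporting node IP, run on the Kyvos node, fails when the certificate name was left out of the hosts entry or points at a different address.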
Note
In the Kyvos Reporting Portal, while creating the connection, provide the necessary details, such as Provider, Driver Version, HTTP Path, Port (HTTPS port), and username, and enable the SSL mode by selecting the checkbox.
For Host, use the Kyvos Web Portal machine hostname instead of the Server IP.