Launching and Signing In
The method used to launch and sign in to the web interface will vary slightly depending on the authentication configuration.
- Platform Authentication: If users are authenticated at the platform level, then see Platform Authentication.
- SSO: If Single Sign On (SSO) is enabled, then see Single Sign On (SAML SSO).
In general:
- You cannot access the web interface from inside an IFRAME.
- Script injection and other common security loopholes are blocked.
- User access requires https:// access. Attempts to log in using http:// result in an error.
Platform Authentication
To launch and log into the web interface when platform authentication (non-SSO) is enabled:
- In a Web browser, navigate to
https://<ip-address>
, where<ip-address>
is one of the following:- The IP address of the Controller host.
- The cluster IP address, which will automatically route you to either the Controller host (under normal circumstances) or the Shadow Controller host (if platform High Availability is enabled and the Controller host has failed). Please see Host Requirements and High Availability for information on enabling platform High Availability.
- If HPE Ezmeral Runtime Enterprise is installed on a non-routable network with one or more Gateway hosts installed, then you may navigate to the IP address of any Gateway host without a port number to be automatically redirected to the Primary Controller or Shadow Controller, as appropriate. You may specify Port 80 for HTTP, 443 for HTTPS, or 8080 for RESTful API access. Adding a port number other than 80, 443, or 8080 to the IP address of a Gateway host will access the mapped service within one of the containers.
Alternatively, if you have a DNS service on the network that maps the Controller IP address to the Controller hostname or cluster FQDN, then you can navigate to
https://<hostname>
, as appropriate.The Sign In screen appears.
- Enter your username and password in the appropriate fields. If multiple
authentication domains are configured, then you may either enter your username
as
<username>@<domain>
(where<username>
is your username, and<domain>
is the name of the domain to use to authenticate your login), or simply enter your username and then proceed to Step 3.- The default Platform Administrator credentials are:
admin
/admin123
.
NOTEYou must have at least one role assigned in one tenant or project in order to be able to log in to the web interface. - The default Platform Administrator credentials are:
- If HPE Ezmeral Runtime Enterprise is configured for either local authentication or local authentication and a single LDAP/AD login, then skip to Step 5, otherwise proceed to Step 4.
- If multiple authentication domains are configured, then you may use the
Domain for Authentication menu to select the domain
to use to authenticate your login. This menu does not appear if either local
authentication or a single authentication domain has been configured, or if the
Platform Administrator has disabled it, as described in Configuring User Authentication Settings.
- You may do this instead of entering your username as
<username>@<domain>
, as described in Step 2. - If you entered your username as
<username>@<domain>
in Step 2, then that entry will override any selection you make in the Domain for Authentication menu.- If multiple domains are configured and the Platform Administrator has disabled the Domain for Authentication pull-down menu, then you may simply enter your username to search all available authentication domains.
- You may do this instead of entering your username as
- Click the Sign In button.
Yo will be signed in to the tenant or project you last accessed before signing out of your previous session, and the Dashboard screen appropriate to the role you have in that tenant or project will appear. The content of the main menu also varies depending on your role. See Navigating the GUI.
You may switch to any tenant or project that you have access to by clicking the User Actions icon (down arrow) to the right of the Role display at the top of the screen to open the User Actions menu, and then selecting the desired tenant or project.
Single Sign On (SAML SSO)
To launch and log in when SAML SSO is enabled, launch a web browser and then navigate
to one of the following, where <ip-address>
is the IP address of
the controller:
http://<ip-address>/bdswebui/login
https://<ip-address>/bdswebui/login
This action bypasses the Sign In screen.
You will be signed in to the tenant or project you last accessed before signing out of your previous session, and the Dashboard screen appropriate to the role you have in that tenant or project will appear. If you are a Kubernetes Cluster Administrator or a Platform Administrator, you will be signed into the deployment instead of a particular tenant or project. The content of the main menu also varies depending on your role. See Navigating the GUI.
You may switch to any tenant or project that you have access to by clicking the User Actions icon (down arrow) to the right of the Role display at the top of the screen to open the User Actions menu, and then selecting the desired tenant or project.