3.5 – Users

Contents:

General

By default, users.json in the data directory is used to authenticate users and use the local user database (see below for user creation). Users must then log in to SparkView once this file exists and is in use.

sv_login_narrow.png

After successful login, the destinations and hosts that the user can reach using different protocols (RDP, SSH, VNC, HTTP/S, etc.) are displayed:

sv_logged_in_narrow.png

User creation

Local user database

You can use config.html to configure users.json. Use your browser and navigate to: http://localhost/config.html. For security reason, this page can be only accessed from localhost. The user name should be your email if you are using OpenID integration (log in with Google Account etc).

The following parameters can be stored when creating a user:

Integrate Active Directory/LDAP/RADIUS

To connect to Active Directory, LDAP, or RADIUS, use the specific instructions in Chapter 3.27.

Import from Active Directory

In addition to the normal Active Directory connection, users can also be imported and written to the users.json file. This allows you to transfer user management from Active Directory to SparkView.

To start an import, open the Users tab on the config.html page and enter the required details in the fields listed above:

Screenshot 2024-10-29 095620.png

Explanation of the fields:

In addition, the last field can be used to assign servers to the imported users. Enter the server IDs from the Servers tab, separated by commas.

OAuth 2.0

You can also log in with Google, Yahoo etc with OAuth 2.0 integration. For OAuth 2.0 integration

If you don’t need this OAuth 2.0 integration, you can remove the following part from login.html:
<a href="/OPENID?id=Google"><img src="google.png" title="Sign in with Google account"/></a>

Please check Chapter 3.22 for more information about OAuth 2.0.


Activate two-factor authentication (2FA)

An authenticator app (e.g. Google Authenticator) is required for use.

  1. Set twoFA=1 to activate or twoFA=2 to force in gateway.conf
  2. The user logs in to SparkView, a QR code appears
  3. Scan the QR code with the Authenticator app and enter the 6-digit code

Reset second factor (2FA) for individual users

There are 3 ways to reset the second factor for individual users:

⚠️ Attention!

To reset the second factor, the SparkView service must first be stopped.

Java-Command

Use the following command in the SparkView root directory:
sudo java -cp SparkGateway.jar com.toremote.gateway.tool.TwoFactor username

For AD users with domain, please use the following command:
sudo java -cp SparkGateway.jar com.toremote.gateway.tool.TwoFactor "domain\user.name"

For Windows users:
java -cp SparkGateway.jar com.toremote.gateway.tool.TwoFactor username or if AD:
java -cp SparkGateway.jar com.toremote.gateway.tool.TwoFactor "domain\user.name"

cURL-Request

The SparkView service must be running for this. Then please use the following command:
curl -k -G --data-urlencode "target=twofa" --data-urlencode "user=username" http://sparkview-server.com/CONTROL

For AD users, please use the following command:
curl -k -G --data-urlencode "target=twofa" --data-urlencode "user=domain\user.name" http://sparkview-server.com/CONTROL

HTTP request (API)

The SparkView service must be running and a hashed management password must be used. Then please call up the following URL:
http://sparkview-server.com/CONTROL?target=twofa&user=username&gatewayPwd=21232f297a57a5a743894a0e4a801fc3


Revision #18
Created 5 April 2022 10:12:31 by Julian
Updated 29 October 2024 09:25:56 by Julian