You install and configure Authentication Services and the Starling module to access the internet by means of a proxy service, the HTTP proxy service listens on a TCP port other than 80, 81, 443, 488, 8008, 8009, 8443, 9000
The client system has SELINUX in enforcing mode.
You may experience Starling problems such as:
Starling Prompts not showing via sshd but they do show when performing sudo
On a RHEL/Centos system with SELinux set to "enforcing" a default set of rules are loaded to allow communications between processes. This set of rules will prohibit local processes to connect to local or remote processes not defined in SELinux policies.
In this example a remote proxy service was setup at TCP port 10041 to allow Starling enabled hosts to communicate with the One Identity Cloud Service.
If you try to access the resource and then run:
# ausearch -m AVC,USER_AVC -ts recent
Will provide you with valuable data in case a communication problem exists, with entries such as :
With this information, you can modify SELINUX policies in order to allow the process to exit the client system and reach the destination proxy.
An example to create a SELINUX policy to reach destination HTTP proxy at port 10041 will be:
# semanage port -a -t http_port_t -p tcp 10041
More information can be found in the RedHat SELINUX manuals.
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Nutzungsbedingungen Datenschutz