Overview
This page gives an overview of SSO & SAML for authentication with Lenses.
Users
Control of how users are created with SSO is determined by the SSO User Creation Mode. There are two modes:
Manual
SSO
With manual mode, only users that were pre-created in HQ can log in.
With sso mode, users that do not already exist are created and logged in.
Group Mapping
Control of how a user's group membership should be handled in relation to SSO is determined by the SSO Group Membership Mode. There are two modes:
Manual
SSO
With the manual mode, the information about the group membership returned from an Identity Provider will not be used and a user will only be a member of groups that were explicitly assigned to them in HQ.
With the sso mode, group information from Identity Provider (IdP) will be used. On login, a user's group membership is set to the groups listed in the IdP.
Groups that do not exist in HQ are ignored.
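The four combinations of the two modes above, as an added example that models the behaviour the text describes (it is not Lenses HQ code; HQDirectory and sso_login are hypothetical names, and the HQ directory is stood in for by plain Python containers):

```python
# Added example: a model of SSO User Creation Mode and SSO Group Membership
# Mode as described above. Not Lenses code; HQDirectory and sso_login are
# hypothetical names and the directory is a constructed in-memory stand-in.
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

MANUAL, SSO = "manual", "sso"


@dataclass
class HQDirectory:
    """Constructed stand-in for HQ: the groups it knows and each user's groups."""
    groups: Set[str]
    users: Dict[str, Set[str]] = field(default_factory=dict)


def sso_login(hq: HQDirectory, username: str, idp_groups: List[str],
              user_creation_mode: str, group_membership_mode: str) -> Tuple[bool, Set[str]]:
    """Return (accepted, effective_groups) for one SAML login.

    user_creation_mode:    MANUAL -> only pre-created users may log in,
                           SSO    -> unknown users are created on first login.
    group_membership_mode: MANUAL -> IdP group claims are ignored, the user keeps
                                     only the groups assigned in HQ,
                           SSO    -> membership is set to the IdP's list, and
                                     groups that do not exist in HQ are ignored.
    """
    if username not in hq.users:
        if user_creation_mode == MANUAL:
            return False, set()          # not pre-created in HQ: login refused
        hq.users[username] = set()       # sso mode: create the user
    if group_membership_mode == SSO:
        # "set to the groups listed in the IdP": replaced, not merged, so an
        # HQ-only assignment does not survive a login in this mode.
        hq.users[username] = {g for g in idp_groups if g in hq.groups}
    return True, set(hq.users[username])
```

Run sso_login against a directory with a few constructed groups to see which claims from the IdP actually take effect under each mode.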
SAML configuration is defined in the config.yaml provided to HQ. For more information on the configuration options see here.
http:
  saml:
    metadata: |-
The following SSO / SAML providers are supported.
Creating a Keystore
Enable SAML single sign-on by creating a keystore.
SAML needs a keystore with a generated key-pair.
SAML uses the key-pair to encrypt its communication with the IdP.
Creating a keystore
Use the Java keytool to create one.
keytool \
-genkeypair \
-storetype pkcs12 \
-keystore lenses.p12 \
-storepass my_password \
-alias lenses \
-keypass my_password \
-keyalg RSA \
-keysize 2048 \
-validity 10000
storetype
The type of keystore (pkcs12 is the industry standard, but jks is also supported).
keystore
The filename of the keystore
storepass
The password of the keystore
alias
The name of the key-pair
keypass
The password of the key-pair (must be the same as storepass for pkcs12 stores).