To sign into the Capsule8 Console via Azure SSO, follow these steps:
Create a new app in Azure Active Directory
- Navigate to the Enterprise Applications page of the Azure Active Directory instance.
- Select Create your own application.
- Input a name for the application and click Create.
- On the application's page, select Single sign-on, then SAML.
- Under "Basic SAML Configuration", configure the following:
  - "Identifier" should be in the format https://<console-base-domain>/sessions/saml/adfs/metadata
  - "Reply URL" should be in the format https://<console-base-domain>/sessions/saml/adfs/acs
  - "Sign on URL" should be in the format https://<console-base-domain>/sessions/saml/adfs
  - "Logout URL" should be in the format https://<console-base-domain>/sessions/saml/adfs/slo/request
- Copy the "App Federation Metadata Url" and download the base64 certificate for the next steps.
Configure the Capsule8 Console
Set the following variables in the Capsule8 Console configuration file.
    console:
      #...
      auth_saml_adfs_enabled: true
      auth_saml_metadata_url: "https://login.microsoftonline.com/8388b277-f2d9-46ad-982d-e89432a19c20/federationmetadata/2007-06/federationmetadata.xml?appid=f0115ca8-3c35-4cdc-aded-cff83681d409"
      auth_saml_local_cert_file_path: /path/to/cert
      auth_saml_console_host: capsule8.mycompany.com
- Set auth_saml_adfs_enabled to true.
- auth_saml_metadata_url should be the metadata URL copied in the previous section.
- auth_saml_local_cert_file_path should be the path to the certificate file downloaded in the previous section.
- auth_saml_console_host is the public-facing address of the Capsule8 Console.
After restarting the Capsule8 Console and navigating to the login page, the option to Sign in with ADFS should be visible.
Optional configuration values
    console:
      #...
      auth_saml_insecure_skip_verify: true
      tls_cert_path: /path/to/cert
      tls_key_path: /path/to/key
- auth_saml_insecure_skip_verify: For self-signed certificates, this field should be set to true.
- To override the console's SSL certificates, set the console.tls_cert_path and tls_key_path properties to their corresponding files.
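
A pre-deployment check for the settings on this page, as an added example (not Capsule8's own code): it reads the console: block, derives the four "Basic SAML Configuration" values from auth_saml_console_host, and lists settings to review before restarting the Console. The function names, the constructed sample values, the bare-hostname check, and the assumption that <console-base-domain> is the same value as auth_saml_console_host are this example's own.

```python
from urllib.parse import urlparse

# Constructed sample in the "console:" layout shown above (IDs are placeholders).
SAMPLE = """\
console:
  #...
  auth_saml_adfs_enabled: true
  auth_saml_metadata_url: "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/federationmetadata/2007-06/federationmetadata.xml?appid=11111111-1111-1111-1111-111111111111"
  auth_saml_local_cert_file_path: /path/to/cert
  auth_saml_console_host: capsule8.mycompany.com
  auth_saml_insecure_skip_verify: true
"""

def parse_console(text):
    """Collect the 'key: value' lines indented under 'console:' (not a full YAML parser)."""
    settings, inside = {}, False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():          # a top-level key starts or ends the block
            inside = line.strip() == "console:"
        elif inside:
            key, _, value = line.strip().partition(":")
            settings[key.strip()] = value.strip().strip("\"'")
    return settings

def azure_saml_urls(host):
    """Basic SAML Configuration values, assuming <console-base-domain> is this host."""
    base = f"https://{host}/sessions/saml/adfs"
    return {"Identifier": base + "/metadata", "Reply URL": base + "/acs",
            "Sign on URL": base, "Logout URL": base + "/slo/request"}

def lint(settings):
    """Return a list of findings; an empty list means nothing to review."""
    findings = []
    if settings.get("auth_saml_adfs_enabled") != "true":
        findings.append("auth_saml_adfs_enabled is not true")
    url = urlparse(settings.get("auth_saml_metadata_url", ""))
    if url.scheme != "https" or not url.hostname:
        findings.append("auth_saml_metadata_url must be an https URL")
    host = settings.get("auth_saml_console_host", "")
    if not host or "/" in host:  # assumption: a bare hostname, as in the page's example
        findings.append("auth_saml_console_host must be a bare hostname")
    if not settings.get("auth_saml_local_cert_file_path"):
        findings.append("auth_saml_local_cert_file_path is missing")
    if settings.get("auth_saml_insecure_skip_verify") == "true":
        findings.append("auth_saml_insecure_skip_verify is true; "
                        "the page intends this only for self-signed certificates")
    return findings
```

Call lint(parse_console(text)) on the real configuration file's contents, and compare azure_saml_urls(...) against what was entered in the Azure portal.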