Version(s)
- Capsule8 Console version 4.4.1+
Steps:
To configure SAML in Okta, follow the steps from the integration guide.
The SAML configuration values for <your-console-host> are:
1. Configure the "General" section
   Click on "Show Advanced Settings".
2. Configure the "Advanced Settings" section
   Click "Browse" on "Signature Certificate", select your existing Console's crt file, and then click "Upload Certificate".
3. Configure the "Attribute Statement" section
   The names and values required are:
   - Email - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
   - Display Name - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
After setting up Okta, change the following configuration variables in the configuration file.
An example configuration file:
console:
  #...
  auth_saml_okta_enabled: true
  auth_saml_console_host: 0.0.0.0:80
  auth_saml_local_cert_file_path: /path/to/cert
  auth_saml_metadata_url: https://dev-326354.okta.com/app/exkplucpmmntKXezz4x6/sso/saml/metadata
  tls_cert_path: /path/to/cert
  tls_key_path: /path/to/key
  auth_saml_insecure_skip_verify: false
- console.auth_saml_okta_enabled needs to be set to either true or false to turn Okta integration on or off, respectively.
- Set console.auth_saml_console_host to where your Console's API is running, represented as <your-console-host> in the previous steps. By default it's the same value as console.address. This is done so Okta can resolve your Console's location.
- console.auth_saml_local_cert_file_path should point to the path of the Okta Certificate file. To get it, click "Download Okta Certificate" on the Okta configuration page.
- For a self-signed certificate, console.auth_saml_insecure_skip_verify should be set to True. But we do not recommend using a self-signed certificate outside of testing.
- console.auth_saml_metadata_url should be set to your relying party trust metadata endpoint. This value is available on Okta's "Sign On" settings page. Just copy the address of the "Identity Provider metadata" link.
- If you want to override the default self-signed certificate shipped with the console, set the following variables to the corresponding files:
  - console.tls_cert_path is your existing Console's crt file.
  - console.tls_key_path is your Console's private key file.
- console.auth_saml_insecure_skip_verify is set to False by default and should remain set to False.
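
A pre-deployment check for the settings described above, as an added example (not Capsule8's code or tooling): it reads the `console:` block and flags the values this page warns about. The minimal parser assumes the flat layout of the example file; `SAMPLE`, `parse_console` and `lint_saml` are hypothetical names, and the HTTPS check on the metadata URL is an added assumption rather than a documented Console requirement.

```python
# Added example, not Capsule8 code: lint the SAML keys of a Console config.
REQUIRED = ("auth_saml_console_host", "auth_saml_local_cert_file_path",
            "auth_saml_metadata_url")

# Constructed sample (not from a real deployment) with deliberate mistakes.
SAMPLE = """\
console:
  #...
  auth_saml_okta_enabled: true
  auth_saml_console_host: 0.0.0.0:80
  auth_saml_metadata_url: http://idp.example.test/saml/metadata
  auth_saml_insecure_skip_verify : True
"""

def parse_console(text):
    """Assumption: flat 'key: value' lines under a top-level 'console:' key."""
    settings, in_console = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():              # a top-level key starts here
            in_console = line.strip() == "console:"
        elif in_console:
            key, _, value = line.partition(":")
            settings[key.strip()] = value.strip()
    return settings

def is_true(value):
    return str(value).strip().lower() == "true"

def lint_saml(settings):
    """Return (key, problem) pairs; empty when Okta is off or config is clean."""
    if not is_true(settings.get("auth_saml_okta_enabled", "")):
        return []
    findings = [(k, "required when Okta is enabled but not set")
                for k in REQUIRED if not settings.get(k)]
    if is_true(settings.get("auth_saml_insecure_skip_verify", "")):
        findings.append(("auth_saml_insecure_skip_verify",
                         "certificate verification is off (testing only)"))
    url = settings.get("auth_saml_metadata_url", "")
    if url and not url.lower().startswith("https://"):
        findings.append(("auth_saml_metadata_url", "metadata URL is not HTTPS"))
    if not (settings.get("tls_cert_path") and settings.get("tls_key_path")):
        findings.append(("tls_cert_path", "default self-signed certificate in use"))
    return findings

if __name__ == "__main__":
    for key, problem in lint_saml(parse_console(SAMPLE)):
        print(f"console.{key}: {problem}")
```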