| Excerpt |
|---|
How to set up Squirro Single Sign-On with Microsoft Active Directory Federation Services (AD FS). |
...
Download the FederationMetadata.xml file. This can be downloaded from the ADFS server at https://ADFS_SERVER/FederationMetadata/2007-06/FederationMetadata.xml.
Configure SAML Metadata
To configure SAML Single Sign-On with the federation metadata file, go to the Server space in Squirro and in the navigation on the left select Single Sign-On (SAML).
Press the red plus button on the top right. Fill out the form:
- Domain:
* - Enabled: Check
- Entity ID: leave empty for the default
- Metadata file: upload the
FederationMetadata.xmlfile - Certificate file: can be left empty
- User group: Select a user group which should be assigned to all SSO users - this is optional
- Group names field: put in the value
http://schemas.xmlsoap.org/claims/Group - Mapping of groups to Squirro roles:
this defines the server-wide permissions for SSO users based on the group names that were retrieved from the claims
Example value: Squirro_Admins=admin; Squirro=user; reject
This example gives admin rights to all users in the Squirro_Admins group, normal access to all users in the Squirro group and rejects all other logins.
...