Excerpt |
---|
Instructions on how to integrate Squirro with Google's Single Sign-on offering. |
Table of Contents
Table of Contents | ||
---|---|---|
|
Configure Google Apps
...
- Application Name: Squirro
- Upload logo: You can use the file squirro_symbol.png
...
Configure SAML Metadata
To configure SAML Single Sign-On with the federation metadata file, go to the Server
space in Squirro and in the navigation on the left select Single Sign-On (SAML)
.
Press the red plus button on the top right. Fill out the form:
- Domain:
*
- Enabled: Check
- Metadata file: upload the
GoogleIDPMetadata-squirro.com.xml
file that was downloaded from Google earlier - User group: Select a user group which should be assigned to all SSO users
Enable SSO
For security reasons, the final configuration needs to be done directly on the server. Log into the server using SSH or similar means and edit the file /etc/squirro/frontend.ini
. Then append the following lines at the end:
Code Block |
---|
[security]
sso_enabled = true
sso_endpoint = http://localhost:81/studio/extauth_saml/extauth |
Reduce HTTP Session
By default Squirro will keep user sessions for 30 days, surviving browser restarts as well. In a Single Sign-On environment, this should be changed to the session expiring once the user restarts the browser. This can be achieved by changing /etc/squirro/frontend.ini
and adding the following lines:
Code Block |
---|
[frontend]
session_permanent = false |
Restart the frontend service to make these config file changes active:
...
This page can now be found at Google SAML Setup on the Squirro Docs site.