How to set up Squirro Single Sign-On with Microsoft Active Directory Federation Services (AD FS).
Configure AD FS
This walk-through assumes AD FS 2019, and the screenshots are from Windows Server 2019. The process is very similar on earlier versions.
Relying Party Trust
...
Claim Rules
...
- Claim rule name: Can be chosen freely, for example "Group - <groupname>"
- User's group: Select the AD group to pass over
- Outgoing claim type: Group
- Outgoing claim value: Enter the name of the group
...
Export Federation Metadata
Download the FederationMetadata.xml file. This can be downloaded from the AD FS server at https://ADFS_SERVER/FederationMetadata/2007-06/FederationMetadata.xml.
Configure SAML Metadata
To configure SAML Single Sign-On with the federation metadata file, go to the Server space in Squirro and select Single Sign-On (SAML) in the navigation on the left.
Press the red plus button on the top right. Fill out the form:
...
Enable SSO
For security reasons, the final configuration needs to be done directly on the server. Log in to the server using SSH or similar means and edit the file /etc/squirro/frontend.ini. Then append the following lines at the end:
[security]
sso_enabled = true
sso_endpoint = http://localhost:81/studio/extauth_saml/extauth
Reduce HTTP Session
By default, Squirro keeps user sessions for 30 days, and they survive browser restarts. In a Single Sign-On environment, this should be changed so that the session expires once the user restarts the browser. This can be achieved by editing /etc/squirro/frontend.ini and adding the following lines:
...
This page can now be found at ADFS Setup on the Squirro Docs site.