Versions Compared

Old Version 9

changes.mady.by.user Patrice Neff

Saved on

compared with

New Version Current

changes.mady.by.user Nathan Gosse

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Excerpt

SAML is an open standard for single sign-on. It can be used to log into Squirro by means of a identity provider, such as Microsoft ADFS.

Table of Contents

Table of Contents
excludeTable of Contents

Walk-Throughs

For the following services and applications, there are detailed walk-throughs for the configuration. If you are using one of these, just follow the detailed step-by-step instructions.

Filter by label (Content by label)
showLabelsfalse
showSpacefalse
sorttitle
excerptTypesimple
cqllabel = "saml-tutorial"

Reference Information

SAML Single Sign-On is configured in three steps. First, the identity provider needs to be set up, next a metadata file needs to be provided to Squirro, and lastly SAML Single Sign-On needs to be enabled for the Squirro application.

Identity Provider

To configure the identify provider, the following information is generally required:

  • Entity ID: https://sso.squirro.com/o/saml2/entity

  • Callback URL (or ACS URL): https://SQUIRRO/sso/callback (URL of your Squirro installation plus the path /sso/callback)

  • Name ID: Email, Primary Email, or similar

Configure SAML Metadata

The identify provider should provide you with a metadata XML file. To configure SAML Single Sign-On with that file, go to the Server space in Squirro and in the navigation on the left select Single Sign-On (SAML).

In the setup screen that you now see, check the Enabled checkbox and select the metadata XML file for upload.

...

Enable SSO

For security reasons, the final configuration needs to be done directly on the server. Log into the server using SSH or similar means and edit the file /etc/squirro/frontend.ini. Then append the following lines at the end:

Code Block
languagetext
[security]
sso_enabled = true
sso_endpoint = http://localhost:81/studio/extauth_saml/extauth

Reduce HTTP Session

By default Squirro will keep user sessions for 30 days, surviving browser restarts as well. In a Single Sign-On environment, this should be changed to the session expiring once the user restarts the browser. This can be achieved by changing /etc/squirro/frontend.ini and adding the following lines:

...

languagetext

...

This page can now be found at SAML SSO for Squirro on the Squirro Docs site.