Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Instructions on how to integrate Squirro with Google's Single Sign-on offering.

Table of Contents

Install Dependencies

To set up SAML Single Sign-On in Squirro, the following dependencies must be installed:

  • xmlsec1
  • xmlsec1-openssl

These can be installed with yum:

sudo yum install xmlsec1 xmlsec1-openssl

Configure Google Apps

  1. Open the Google Admin console
  2. Click on "Apps"
  3. Click on "SAML apps"
  4. Create a new SAML app using the plus button at the bottom right
  5. Select "Setup my own custom app"
  6. Download the IDP metadata file - this is required for Squirro later
  7. Fill out the basic information:
  8. Fill in the service provider details:
    1. ACS URL: https://SQUIRRO/sso/callback (URL of your Squirro installation plus the path /sso/callback)
    2. Entity ID: https://sso.squirro.com/o/saml2/entity
    3. Keep other settings as is


  9. No mapping need to be defined.
  10. Finish the process and close the resulting dialog.
  11. Now enable the Squirro app for everybody, by clicking on the hamburger menu and clicking "ON for everyone"

Configure SAML Metadata

To configure SAML Single Sign-On with the federation metadata file, go to the Server space in Squirro and in the navigation on the left select Single Sign-On (SAML).

Press the red plus button on the top right. Fill out the form:

  • Domain: *
  • Enabled: Check
  • Metadata file: upload the GoogleIDPMetadata-squirro.com.xml file that was downloaded from Google earlier
  • User group: Select a user group which should be assigned to all SSO users

Enable SSO

For security reasons, the final configuration needs to be done directly on the server. Log into the server using SSH or similar means and edit the file /etc/squirro/frontend.ini. Then append the following lines at the end:

[security]
sso_enabled = true
sso_endpoint = http://localhost:81/studio/extauth_saml/extauth

Reduce HTTP Session

By default Squirro will keep user sessions for 30 days, surviving browser restarts as well. In a Single Sign-On environment, this should be changed to the session expiring once the user restarts the browser. This can be achieved by changing /etc/squirro/frontend.ini and adding the following lines:

[frontend]
session_permanent = false

Restart the frontend service to make these config file changes active:

service sqfrontendd restart


  • No labels