Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a SAML example using ssoMetadataURL #71

Closed
nwneisen opened this issue Jul 30, 2024 · 3 comments
Closed

Add a SAML example using ssoMetadataURL #71

nwneisen opened this issue Jul 30, 2024 · 3 comments
Assignees
@KoryKessel-Mirantis
Labels
auth Relates to authentication Docs-A Critical

Comments

@nwneisen
Copy link
Collaborator

An example should be added to the SAML docs that shows users how to use ssoMetadataURL.

This field was added to mirror the current SAML config in MKE3. When this field is used, none of the other SAML fields are needed. MKE4 will make a request to the URL and pull all of the other SAML fields from the URL.
@nwneisen nwneisen added the auth Relates to authentication label Jul 30, 2024
@KoryKessel-Mirantis
Copy link
Collaborator

@nwneisen, can you provide a good example or point me to someone who can?

@KoryKessel-Mirantis KoryKessel-Mirantis self-assigned this Aug 29, 2024
@nwneisen
Copy link
Collaborator Author

nwneisen commented Aug 29, 2024
edited
Loading

This is what the URL for my Okta SAML metadata url looks like

ssoMetadataURL: https://dev-64105006.okta.com/app/exk75pi5do2MzU1t95r7/sso/saml/metadata

And the output when visiting the URL

<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://www.okta.com/exk75pi5do2MzU1t95r7">
<md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIIDqDCCApCgAwIBAgIGAYRZVRraMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYDVQQGEwJVUzETMBEG A1UECAwKQ2FsaWZvcm5pYTeWMBQGA1UEBwwNU2FuIEZyYW5jaXNjszENMAsGA1UECgwET2t0YTEU MBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDGRldi02NDEwNTAwNjEcMBoGCSqGSIb3DQEJ ARYNaW5mb0Bva3RhLmNvbTAeFw0yMjExMDgyMjIwMDBaFw0zMjExMDgyMjIxMDBaMIGUMQswCQYD VQQGEwJVUzETMBEGA1UECAwKQ2FsaWevcmcpYTEqMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsG A1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDGRldi02NDEwNTAwNjEc MBoGCSqGSIb3DQEJARYNaW5mb0Bva3RhLmNvbTCCdSIwDQYJKoZIhvcNAcEBBQADggEPADCCAQoC ggEBAMBMAL7j8+FckMRBx9nIllViMRF8Ah/Gfxnjm4r3LqSdAkMnG4lch7jPNxwy43oOzeO55Ee2 oOqO5RyY0LxhNhGgITzMU1l/I7j6Z/T845aaoadkFe6AHr4sA1PWquw7fPRIgVhDJUbBvtPwf8SI +ncMSkoulQ+FitheN8n+o/7obEfKQxvSbdTudDZgPtPAY2G9VMjhYVnwked9u8ZrAj3IckS6UWlB WV/BG/XDn2wawuQco2/sR3qhUi6cvIpXtSkArW4LCqp2PZH/ItgaTSR+UjfiIaQQBUvUq2E2JGO6 SiuGWjNHGo6+S0cT2rgkTKSqLzjME9BeSw9J45HtmY0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEA LoOtDbvh9vQdCpjZ4enLdBBls2cIr7/YRl43Sv0MGcckQYwOk9OZg9uuMsUJTp6fkbjy1kBfbj7R ZSqNTtQGMs8V30kxCfpxFOBUOm6f/pKJvGqkDjOXMLaWMuwM+j//LYw8N9EIEnH8aN4e7sitHL3L ORpQ8I+M9lRUATgzUaz59dLNHHO9sg5ikDE2kL84U9nQAMDXc+vsUordGRUotVlvIuXT8Hv63OSS akpuYR4Jx9l9XV4nOufhmAZh2dKJKd7c+wlQuJNL+xBEax2F6qQfCjzLEnWEx5wt3vT0EtCGLBOU ZIBHiRNuPYueZ9PdRkpWJpscyjZsfbgzhMCbRg==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://dev-64105006.okta.com/app/dev-63105106_mke_2/exk75pi5do2MzU1t95r7/sso/saml"/>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://dev-63105106.okta.com/app/dev-63105106_mke_2/exk75pi5do2MzU1t95r7/sso/saml"/>
</md:IDPSSODescriptor>
</md:EntityDescriptor>

All values have been modified from originals so they are no longer valid

@nwneisen nwneisen mentioned this issue Oct 2, 2024
Closed
@KoryKessel-Mirantis KoryKessel-Mirantis added the Docs-A Critical label Oct 11, 2024
@nwneisen nwneisen mentioned this issue Oct 18, 2024
Merged
@KoryKessel-Mirantis
Copy link
Collaborator

Closing as PR is in flight.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@KoryKessel-Mirantis KoryKessel-Mirantis

Labels
auth Relates to authentication Docs-A Critical
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nwneisen @KoryKessel-Mirantis