Documentation refactor #8

Merged
merged 7 commits into from
Sep 4, 2020

RomanKosovnenko

SAML configuration documentation in a separate file

@RomanKosovnenko RomanKosovnenko added the blocked Wait for another PR label Sep 3, 2020
@RomanKosovnenko RomanKosovnenko self-assigned this Sep 3, 2020
@RomanKosovnenko RomanKosovnenko removed the blocked Wait for another PR label Sep 4, 2020

Greenlight is a Service Provider, that connects to IdP to get authentification.

Unfortunatly, Greenlight not supported SAML out of the box. But there is a [PR Request](https://github.com/bigbluebutton/greenlight/pull/1334) thet gives needed functionality.
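
Review bot: the second line says SAML support comes from an upstream pull request rather than a release, but gives no way to tell which state of that pull request these instructions were written against. Suggest naming the branch or commit of the linked PR that was tested, so readers do not build their authentication path from whatever the PR head happens to be on the day they deploy. Smaller points in the same lines: "authentification" should be "authentication", "Unfortunatly" should be "Unfortunately", and "PR Request" expands to "pull request request"; "pull request" is enough.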

@K0nstantine K0nstantine Sep 4, 2020

... does not support SAML... that gives ...

## SAML configuration
SAML configuration required configuration from both sides.
1. Greenlight required uniq identifier of SP, that should be stored in IdP.
The best way is to set SAML_ISSUER variable in .env and then lookup greenlight metadata from IpD.
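
Review bot: step 1 is ambiguous about direction: "lookup greenlight metadata from IpD" can be read as Greenlight fetching metadata from the IdP, while the sentence before it says the SP identifier has to be stored in the IdP. Suggest stating that SAML_ISSUER holds the SP's identifier (its entity ID), that the same string must be registered on the IdP side exactly, and where Greenlight serves its SP metadata so the IdP administrator can import it. Also "required" should be "requires" in both sentences and "uniq" should be "unique".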

@K0nstantine K0nstantine Sep 4, 2020

... from IdP.

2. Set SAML_IDP_URL variable. SAML_IDP_URL is the URL to which the authentication request should be sent. This would be on the identity provider. It can be found in the IDP's metadata in the <md:SingleSignOnService> tag. Get this tag from IdP metadata.

3. SAML_IDP_CERT_FINGERPRINT is the fingerprint of the certificate used by the IDP in sha1, for example "25:72:85:66:C9:94:22:98:36:84:11:E1:88:C7:AC:40:98:F9:E7:82"(without ").
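
Review bot: step 3 pins the IdP certificate by a SHA-1 fingerprint without saying which certificate to hash or how the reader obtains the value. Suggest stating that it is the signing certificate published in the IdP metadata, marking the quoted fingerprint as an example that must be replaced, and noting that the setting has to be updated when the IdP rotates its certificate, otherwise signature validation of responses will fail. In step 2, put `<md:SingleSignOnService>` in backticks so Markdown does not treat it as markup, say that the URL is that element's Location attribute, and drop the closing "Get this tag from IdP metadata", which repeats the sentence before it.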

... IdP ... be consistent ;)

3. SAML_IDP_CERT_FINGERPRINT is the fingerprint of the certificate used by the IDP in sha1, for example "25:72:85:66:C9:94:22:98:36:84:11:E1:88:C7:AC:40:98:F9:E7:82"(without ").
4. SAML_NAME_IDENTIFIER - could get from IdP metadata. by default it is "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
5. All others variables needed to map SAML response fields to user fields in the Greenlight.
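
Review bot: step 4 gives "urn:oasis:names:tc:SAML:2.0:nameid-format:transient" as the default without saying what that implies: a transient NameID is a different value on every login, so it cannot be what ties a SAML login to an existing Greenlight account. Suggest stating which mapped attribute identifies the user, and that the value set here has to be one of the formats the IdP lists in its metadata. Step 5 should name the mapping variables rather than refer to "All others variables"; as written the reader has to open .env to find out what they are.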

All other variables ... to the user fields...

3. SAML_IDP_CERT_FINGERPRINT is the fingerprint of the certificate used by the IDP in sha1, for example "25:72:85:66:C9:94:22:98:36:84:11:E1:88:C7:AC:40:98:F9:E7:82"(without ").
4. SAML_NAME_IDENTIFIER - could get from IdP metadata. by default it is "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
5. All others variables needed to map SAML response fields to user fields in the Greenlight.
To get all available fields check IdP or record network activity in developer console in your browser. Try to sign in using SAML, copy encoded SAML Response, decode it using [decoder](https://www.samltool.com/decode.php) and map values from responce by name fields to variables in .env
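
Review bot: the last line tells readers to paste a live SAML Response into a third-party website. That response carries the user's identity attributes and a signed assertion that may still be inside its validity window, so it should not leave the administrator's machine. Suggest describing a local decode instead (the captured SAMLResponse value is base64-encoded XML), or at least telling readers to capture it with a test account and to treat the captured value as a credential.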

... map values from the response to the variables in .env by the fields' name...

@K0nstantine K0nstantine merged commit f6c054b into master Sep 4, 2020