
natewalck / crypt-server-saml


This project forked from grahamgilbert/crypt-server-saml


License: Apache License 2.0


crypt-server-saml's Introduction

docker-crypt-server-saml

A Docker container for Crypt Server that uses SAML

You will almost certainly need to edit settings.py and provide your own metadata.xml file from your SAML provider.

The following instructions are provided as a best effort to help get started. They might require modifications to meet specific environments.

settings.py changes you will certainly need to make

An example Docker run

Please note that this docker run is incomplete, but shows where to pass the metadata.xml and settings.py

docker run -d --name="crypt" \
-p 80:8000 \
-v /yourpath/metadata.xml:/home/docker/crypt/fvserver/metadata.xml \
-v /yourpath/settings.py:/home/docker/crypt/fvserver/settings.py \
--restart="always" \
macadmins/crypt-server-saml:2.2.0

Notes on OneLogin

  1. In the OneLogin admin portal click on Apps > Add Apps.

  2. Search for SAML Test Connector (IdP). Click on this option.

  3. Give the application a display name, upload an icon if you wish, and then click save.

  4. Under the "Configuration" tab, you will need at least the minimum settings shown below:

  5. Under the "Parameters" tab, you will need to add the custom IdP fields and values. The process looks like:

    • Click "Add parameter"
      • Field name: FIELD_NAME
      • Flags: Check "Include in SAML assertion"
    • Now click on the created field and set the appropriate FIELD_VALUE based on the table below.

    Repeat the above steps for all required fields:

    FIELD_NAME                         FIELD_VALUE
    urn:mace:dir:attribute-def:cn      First Name
    urn:mace:dir:attribute-def:sn      Last Name
    urn:mace:dir:attribute-def:mail    Email
    urn:mace:dir:attribute-def:uid     Email name part

  6. Under the "SSO" tab, download the "Issuer URL" metadata file. This will be mounted in your docker container (see above).

  7. Under the "SSO" tab, you will find the "SAML 2.0 Endpoint" and "SLO Endpoint" which will go into the settings.py > idp section.

  8. Lastly, "Save" the SAML Test Connector (IdP).

Notes on Okta

Okta has a slightly different implementation, and a few of the tools that this container uses, specifically pysaml2 and djangosaml2, do not like this implementation by default. Please follow the setup instructions below, making sure to replace the example URL:

  1. Create a new app from the admin portal

    Platform: Web
    Sign on method: SAML 2.0

  2. Under "General Settings", give the app a name, add a logo and modify app visibility as desired.

  3. Under "Configure SAML" enter the following (if no value is given after the colon leave it blank):

    General

    Single sign on URL: https://crypt.example.com/saml2/acs/
    Use this for Recipient URL and Destination URL: Checked
    Allow this app to request other SSO URLs: Unchecked (If this option is available)
    Audience URI (SP Entity ID): https://crypt.example.com/saml2/metadata/
    Default RelayState:
    Default RelayState: Unspecified
    Application username: Okta username

    Attribute Statements

    Name                               Format    Value
    urn:mace:dir:attribute-def:cn      Basic     ${user.firstName}
    urn:mace:dir:attribute-def:sn      Basic     ${user.lastName}
    urn:mace:dir:attribute-def:mail    Basic     ${user.email}
    urn:mace:dir:attribute-def:uid     Basic     ${user.login}

    Group Attribute Statements

    crypt does not support these at this time.

  4. Under "Feedback":

    Are you a customer or partner? I'm an Okta customer adding an internal app
    App type: This is an internal app that we have created

Now that Okta is set up, you will need to modify your settings.py to match. Note that if you used the Attribute Statements above, you should not have to modify the SAML_ATTRIBUTE_MAPPING variable. The metadata file can be downloaded from the Application's "Sign On" tab > Settings > SAML 2.0 > "Identity Provider metadata" link. The IdP URLs are found under the "Sign On" > Settings > SAML 2.0 > "View Setup Instructions" button.

Help

For more information on what to put in your settings.py, look at https://github.com/knaperek/djangosaml2

Contributors: clburlison, erikng, grahamgilbert
