From Customers:

Set up your SAML identity provider (IdP) by following the steps in the link below for your IdP. For example, for Google-based SAML login, follow the steps at:

https://boxyhq.com/docs/jackson/sso-providers/google

Enter the following values in the Service provider details section:

ACS URL - https://<your kloudfuse domain name>/api/oauth/saml
Entity ID - https://<your kloudfuse domain name>/samlresponse

Generate the metadata (XML file) and save it. Provide the file to Kloudfuse; it is required to configure the Kloudfuse connection with your SAML provider.

SAML Setup in Kloudfuse:

A. Metadata-Secret Setup

  1. Rename the obtained metadata (XML) file to “kfuse.xml” exactly.

  2. In the customer’s cluster and appropriate namespace, run this command

    kubectl create secret generic kfuse-xml --from-file=kfuse.xml

If the kfuse-xml secret already exists and you are re-creating it, follow the steps in the troubleshooting section below.
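
A pre-flight check to run on the IdP metadata before it goes into the kfuse-xml secret, as an added example (not Kloudfuse's own tooling). It assumes standard SAML 2.0 metadata; the function name, script name and sample document are constructed for illustration.

```python
import base64
import sys
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample metadata (placeholder IdP URLs and a dummy DER blob, not a real certificate).
SAMPLE = b"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.com/metadata">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>MAMCAQE=</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.com/sso"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def check_idp_metadata(data):
    """Return a list of problems found in SAML IdP metadata bytes (empty list = looks usable)."""
    # SAML metadata never needs a DTD; refuse it rather than let the parser expand entities.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        return ["DTD or entity declarations found in metadata"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    # Metadata is either a bare EntityDescriptor or one wrapped in EntitiesDescriptor.
    entity = root if root.tag == MD + "EntityDescriptor" else root.find(".//" + MD + "EntityDescriptor")
    if entity is None or not entity.get("entityID"):
        return ["no EntityDescriptor with an entityID"]
    idp = entity.find(MD + "IDPSSODescriptor")
    if idp is None:
        return ["no IDPSSODescriptor: this is not IdP metadata"]
    problems = []
    sso = [s.get("Location", "") for s in idp.findall(MD + "SingleSignOnService")]
    if not sso:
        problems.append("no SingleSignOnService endpoint")
    problems += [f"SSO endpoint is not https: {u}" for u in sso if not u.startswith("https://")]
    certs = idp.findall(".//" + DS + "X509Certificate")
    if not certs:
        problems.append("no X509Certificate (IdP signing key) in IDPSSODescriptor")
    for c in certs:
        try:
            der = base64.b64decode("".join((c.text or "").split()), validate=True)
        except ValueError:
            der = b""
        if der[:1] != b"\x30":  # DER certificates start with a SEQUENCE tag
            problems.append("X509Certificate is not base64-encoded DER")
    return problems

if __name__ == "__main__":  # usage: python check_metadata.py kfuse.xml
    issues = check_idp_metadata(open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE)
    sys.exit("\n".join(issues) if issues else 0)
```

A non-zero exit means the file should be re-exported from the IdP before it is loaded into the cluster.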

B. In the environment values.yaml file:

  1. Set the kfuse-saml enabled flag to true.

    kfuse-saml:
      enabled: true

  2. Set the flag saml-provider-name to the customer’s SAML provider name in the kfuse-auth config. For example, for Okta as the SAML provider:

    kfuse-auth:
      oauth2-proxy:
        config:
          saml-provider-name: "Okta"

  3. Ensure that the flag “existingSecret” exists and is non-empty.

    kfuse-auth:
      oauth2-proxy:
        config:
          existingSecret: "kfuse-auth-saml"

Now, do the general upgrade using the environment’s file.

Troubleshooting steps

  1. Exec into the kfuse-configdb shell.

    kubectl exec -it kfuse-configdb-0 -- bash

  2. Connect to Postgres with psql.

    psql -U postgres

  3. List all databases and check whether samldb exists.

    \l

  4. Delete and re-create the samldb database.

    drop database samldb;
    create database samldb;
