From Customers:
Set up your SAML identity provider (IdP) by following the steps linked below for your IdP. For example, for Google-based SAML login, follow the steps at
https://boxyhq.com/docs/jackson/sso-providers/google
Enter the following values in the Service provider details section:
    ACS URL   - https://<your kloudfuse domain name>/api/oauth/saml
    Entity ID - https://<your kloudfuse domain name>/samlresponse
Generate the metadata (XML file) and save it. Provide the file to Kloudfuse; it is required to configure the Kloudfuse connection with your SAML provider.
SAML Setup in Kloudfuse:
A. Metadata-Secret Setup
Rename the metadata (XML) file obtained from the customer to “kfuse.xml” exactly.
OR
If the customer provided you with a URL to the metadata file, curl the URL and save its output under the file name “kfuse.xml” exactly. Do this directly in the customer’s terminal:
    curl {metadata xml file url} > kfuse.xml
In the customer’s cluster and the appropriate namespace, run this command:
    kubectl create secret generic kfuse-xml --from-file=kfuse.xml
If the kfuse-xml secret already exists and you are re-creating it, follow the steps in the troubleshooting section below.
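As an added example (not part of the Kloudfuse runbook), the following shell script performs the steps above in one go: it fetches the metadata from a local path or a URL, sanity-checks that the file really is SAML IdP metadata before it is stored, and then creates or updates the kfuse-xml secret. The NAMESPACE argument, the sample metadata and the PLACEHOLDER-CERT value are constructed assumptions; curl and kubectl are assumed to be on PATH.

```shell
#!/bin/sh
# Added example, not part of the Kloudfuse runbook. Fetches the customer's IdP
# metadata (local path or URL), sanity-checks it, and creates or updates the
# kfuse-xml secret. Assumes curl and kubectl are on PATH; NAMESPACE is a placeholder.

# Constructed minimal IdP metadata, used for the self-test at the bottom.
SAMPLE_METADATA='<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.invalid/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER-CERT</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.invalid/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>'

# fetch_metadata SRC DEST: SRC is a local file or an http(s) URL.
fetch_metadata() {
  case "$1" in
    http://*|https://*) curl -fsSL "$1" -o "$2" ;;  # -f: fail on HTTP errors instead of saving an error page
    *) cp "$1" "$2" ;;
  esac
}

# validate_idp_metadata FILE: returns 0 only if FILE looks like SAML 2.0 IdP metadata.
# Rejects the common mistakes: empty download, HTML login/error page, SP metadata
# (SPSSODescriptor) instead of IdP metadata, and metadata with no signing certificate.
validate_idp_metadata() {
  f="$1"
  [ -s "$f" ] || { echo "metadata file is empty or missing: $f" >&2; return 1; }
  grep -q 'EntityDescriptor'    "$f" || { echo "no EntityDescriptor: not SAML metadata" >&2; return 1; }
  grep -q 'IDPSSODescriptor'    "$f" || { echo "no IDPSSODescriptor: not IdP metadata" >&2; return 1; }
  grep -q 'X509Certificate'     "$f" || { echo "no X509Certificate: IdP signatures cannot be verified" >&2; return 1; }
  grep -q 'SingleSignOnService' "$f" || { echo "no SingleSignOnService endpoint" >&2; return 1; }
}

# create_kfuse_secret FILE NAMESPACE: validate, then create or update the secret.
# The key inside the secret must be exactly kfuse.xml, hence the copy.
create_kfuse_secret() {
  validate_idp_metadata "$1" || return 1
  [ "$1" = kfuse.xml ] || cp "$1" kfuse.xml
  kubectl -n "$2" create secret generic kfuse-xml --from-file=kfuse.xml \
    --dry-run=client -o yaml | kubectl -n "$2" apply -f -
}

# Self-test on the constructed sample when run without arguments.
if [ -z "${1:-}" ]; then
  tmp=$(mktemp) && printf '%s\n' "$SAMPLE_METADATA" > "$tmp"
  validate_idp_metadata "$tmp" && echo "sample metadata OK"
  rm -f "$tmp"
fi
```

The grep-based check is a sanity check, not a full XML validation; it catches the cases where the saved file is an HTML page or the wrong kind of metadata before the secret is created.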
B. In the environment values.yaml file -
Set the kfuse-saml enabled flag to true in the “global“ section of the environment file, and set the dnsName tag to the customer’s kloudfuse domain name:
    global:
      dnsName: <your kloudfuse domain name>
      kfuse-saml:
        enabled: true
Set the flag saml-provider-name to the customer’s SAML provider name in the kfuse-auth config, and set the flag existingSecret: "kfuse-auth-saml" in the config section of oauth2-proxy in the kfuse-auth section. For example, for Okta as the SAML provider:
    kfuse-auth:
      oauth2-proxy:
        config:
          saml-provider-name: "Okta"
          existingSecret: "kfuse-auth-saml"
Now do the general upgrade using the environment’s file.
Troubleshooting steps
Exec into the kfuse-configdb shell using the command:
    kubectl exec -it kfuse-configdb-0 -- bash
Connect to Postgres with psql using the command:
    psql -U postgres
It will ask for the postgres password. Provide it.
Check whether the samldb database exists using the command:
    \l
Drop and re-create the samldb database:
    DROP DATABASE samldb;
    CREATE DATABASE samldb;