mirror of
https://github.com/open-metadata/OpenMetadata.git
synced 2025-10-31 18:48:35 +00:00
34fbe5d64c
* DOCS - Prepare 1.7 Release and 1.8 SNAPSHOT * DOCS - Prepare 1.7 Release and 1.8 SNAPSHOT
1.8 KiB
1.8 KiB
| title | slug | collate |
|---|---|---|
| SAML SSO for Kubernetes | /deployment/security/saml/kubernetes | false |
SAML SSO for Kubernetes
See the snippet below for an example of SAML configurations in the values.yaml.
The configuration below already uses the presets shown in the example of saml configurations, you can change to yours.
openmetadata:
config:
idp:
entityId: ${SAML_IDP_ENTITY_ID:-"https://mocksaml.com/api/saml/sso"}
ssoLoginUrl: ${SAML_IDP_SSO_LOGIN_URL:-"https://saml.example.com/entityid"}
idpX509Certificate: ${SAML_IDP_CERTIFICATE:-""}
authorityUrl: ${SAML_AUTHORITY_URL:-"http://localhost:8585/api/v1/saml/login"}
nameId: ${SAML_IDP_NAME_ID:-"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"}
sp:
entityId: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/acs"}
acs: ${SAML_SP_ACS:-"http://localhost:8585/api/v1/saml/acs"}
spX509Certificate: ${SAML_SP_CERTIFICATE:-""}
callback: ${SAML_SP_CALLBACK:-"http://localhost:8585/saml/callback"}
security:
strictMode: ${SAML_STRICT_MODE:-false}
tokenValidity: ${SAML_SP_TOKEN_VALIDITY:-"3600"}
sendEncryptedNameId: ${SAML_SEND_ENCRYPTED_NAME_ID:-false}
sendSignedAuthRequest: ${SAML_SEND_SIGNED_AUTH_REQUEST:-false}
signSpMetadata: ${SAML_SIGNED_SP_METADATA:-false}
wantMessagesSigned: ${SAML_WANT_MESSAGE_SIGNED:-false}
wantAssertionsSigned: ${SAML_WANT_ASSERTION_SIGNED:-false}
wantAssertionEncrypted: ${SAML_WANT_ASSERTION_ENCRYPTED:-false}
wantNameIdEncrypted: ${SAML_WANT_NAME_ID_ENCRYPTED:-false}
keyStoreFilePath: ${SAML_KEYSTORE_FILE_PATH:-""}
keyStoreAlias: ${SAML_KEYSTORE_ALIAS:-""}
keyStorePassword: ${SAML_KEYSTORE_PASSWORD:-""}
{% partial file="/v1.7/deployment/configure-ingestion.md" /%}