Difference between revisions of "Pandora: Documentation en: saml"

From Pandora FMS Wiki
(Configuring your identity provider)
Line 9: Line 9:
 
Go to ''Administration -> Setup -> Authentication'' and select ''SAML'' under ''Authentication method''.
 
Go to ''Administration -> Setup -> Authentication'' and select ''SAML'' under ''Authentication method''.
  
<br>
 
<br>
 
 
<center>
 
<center>
 
[[image:Saml setup.png]]
 
[[image:Saml setup.png]]
 
</center>
 
</center>
<br>
 
<br>
 
  
 
== Configuring the service provider ==
 
== Configuring the service provider ==
Line 33: Line 29:
 
Navigate to your Pandora FMS Console and click on the ''Login'' button. You will be redirected to your identity provider.
 
Navigate to your Pandora FMS Console and click on the ''Login'' button. You will be redirected to your identity provider.
  
<br>
 
<br>
 
 
<center>
 
<center>
 
[[image:Saml idp.png|800px]]
 
[[image:Saml idp.png|800px]]
 
</center>
 
</center>
<br>
 
<br>
 
  
 
After a successful login you will be redirected back to the Pandora FMS Console.
 
After a successful login you will be redirected back to the Pandora FMS Console.

Revision as of 09:56, 14 July 2017

1 SAML Single Sign-On with Pandora FMS

SAML is an XML-based open standard for authentication and authorization. Pandora FMS Enterprise can act as a service provider with your internal SAML identity provider.


Administrators are always authenticated against the local database.

 


1.1 Configuring Pandora FMS

Go to Administration -> Setup -> Authentication and select SAML under Authentication method.

Saml setup.png

1.2 Configuring the service provider

Download [SimpleSAMLphp] and install it in /opt/simplesamlphp/. Make sure the file /opt/simplesamlphp/lib/_autoload.php exists. Follow the [SimpleSAMLphp Service Provider QuickStart] guide and configure the service provider. You will need your identity provider's metadata.

1.3 Configuring your identity provider

Configure your identity provider to send the following attributes to the service provider:

  • eduPersonTargetedId: A unique user identifier.
  • commonName: The name of the user.
  • mail: The user's email.
  • schacHomeOrganization: The group the user belongs to. It must exist in your Pandora FMS Console.
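
A way to check the attribute release before enabling SAML logins, given here as an added example that is not part of Pandora FMS or SimpleSAMLphp: it reads the AttributeStatement from a test login and reports any of the four attributes that is missing or empty, and any group that does not exist in the console. It assumes the identity provider uses the names above as the Attribute Name (some providers send urn:oid names instead); the sample statement and the group names are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# The four attributes listed in this section.
REQUIRED = ("eduPersonTargetedId", "commonName", "mail", "schacHomeOrganization")

# Constructed sample: AttributeStatement from a test login (all values made up).
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="eduPersonTargetedId"><saml:AttributeValue>a1b2c3</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="commonName"><saml:AttributeValue>Jane Doe</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="mail"><saml:AttributeValue>jane@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="schacHomeOrganization"><saml:AttributeValue>Operators</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""


def read_attributes(statement_xml):
    """Return {attribute name: [non-empty values]} from an AttributeStatement."""
    root = ET.fromstring(statement_xml)
    attrs = {}
    for attr in root.iter("{%s}Attribute" % NS["saml"]):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    return attrs


def check_statement(statement_xml, console_groups):
    """List the problems that would stop this user from being mapped correctly.

    This only inspects attribute content. Signature and condition checks on
    the assertion remain the service provider's job.
    """
    attrs = read_attributes(statement_xml)
    problems = []
    for name in REQUIRED:
        if not attrs.get(name):
            problems.append("missing or empty attribute: " + name)
    for group in attrs.get("schacHomeOrganization", []):
        if group not in console_groups:
            problems.append("group not defined in the console: " + group)
    return problems


if __name__ == "__main__":
    # console_groups is a constructed set standing in for the console's groups.
    for line in check_statement(SAMPLE, {"Operators", "Network"}) or ["OK"]:
        print(line)
```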

1.4 Logging in

Navigate to your Pandora FMS Console and click on the Login button. You will be redirected to your identity provider.

Saml idp.png

After a successful login you will be redirected back to the Pandora FMS Console.