SAML Authentication
The saml_auth
plugin allows users to authentication with your SAML provider of choice.
To enable SAML authentication you must:
- Add
saml_auth
to thePLUGINS_ENABLED
list infg/settings/config.py
- Add some configuration detials to
fg/settings/config.py
- Configure the details of your SAML provider in in
fg/settings/secrets.py
per instructions provided here. - Build the docker image with the build argument ENABLE_SAML set to true:
$ docker build --build-arg ENABLE_SAML=true -t quay.io/vsoch/freegenes .
If you haven’t yet created a secrets.py, a good start is to do the following:
cp fg/settings/dummy_secrets.py fg/settings/secrets.py
Quick Start
This quick start is intended to demonstrate basic functionality of the SAML authentication.
Edit Config.py
In the file fg/settings/config.py
you should add the name of your institution (used to render the button)
along with the idp (the unique identifier for your SAML server request). That means uncommenting these lines.
# AUTH_SAML_IDP = "stanford"
# AUTH_SAML_INSTITUTION = "Stanford University"
so they appear like:
AUTH_SAML_IDP = "stanford"
AUTH_SAML_INSTITUTION = "Stanford University"
Setting up SAML Auth
In secrets.py
you will need to define the variables specified here, and that includes generating your certificate, which looks something like:
openssl req -new -x509 -days 3652 -nodes -out saml.crt -keyout saml.key
cat saml.key
mv saml.crt /etc/ssl/certs
mv saml.key /etc/ssl/private
and then generate the metadata.xml
by going to http://localhost/saml.xml
. Usually institutions have different portals for submitting metadata / getting information about SAML, for Stanford the information is via the SAML SP Service Provider Database.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.