View Attach (2) Info

Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
png
 saml1.png 177.8 kB 1 05-Dec-2023 05:32 Ben Spink
png
 saml2.png 211.5 kB 1 05-Dec-2023 05:32 Ben Spink

This page (revision-25) was last changed on 24-Mar-2024 05:22 by Ben Spink

This page was created on 05-Dec-2023 05:32 by Ben Spink

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 4 changed 6 lines
This plugin is for advanced users in an organization using SAML. While this config is generic (from Okta) in its description to all SAML providers, see the Microsoft ADFS config example for specifics on ADFS. *[SAMLSSO_ADFS]*\\
!For a generic config, you can get these items form their config.xml (Keycloak for example):\\
CrushFTP:Redirect URL = HTTP-POST URL\\
CrushFTP:SAML Provider URL = EntityID\\
CrushFTP:SAML Issuer = ClientID\\
CrushFTP:Signing certificate = X-509 Certificate\\
This plugin is for advanced users in an organization using SAML. While this config is generic (from [Okta]) in its description to all SAML providers, see the Microsoft ADFS config example for specifics on ADFS. *[SAMLSSO_ADFS]* Another example is *[SAMLSSO_AZURE]* config example.\\
''Okta calls their generic config 'SAML Service Provider'.''\\
!For a generic config, you can get these items from the 'config.xml' (Keycloak for example):\\
{{{
CrushFTP:Redirect URL = HTTP-POST URL
CrushFTP:SAML Provider URL = EntityID
CrushFTP:SAML Issuer = ClientID (or ApplicationID)
CrushFTP:Signing certificate = X.509 Certificate
}}}
At line 11 changed one line
For configuring through a DMZ, this requires Crush 8.3.0_8+ and for both the DMZ instance and internal instance to have identical configurations. If you are using the groups attribute in SAML to specify group memberships, add them into the LDAP roles area using the same group name SAML returns. Set the cache timeout to be "-1" and it will skip connecting to the LDAP configured server info. (Which is what you want if using SAML groups.)\\
For configuring through a DMZ, this requires Crush 8.3.0_8+ and for both the DMZ instance and internal instance to have identical configurations. If you are using the groups attribute in SAML to specify group memberships, add them into the LDAP roles area using the same group name SAML returns. Set the cache timeout to be "-1" and it will skip connecting to the LDAP configured server info. (Which is what you want if using SAML groups.) If you don't have LDAP and don't have groups being passed through, you can add the special group name "-ALL_ROLES-" and it will allow all logins from SAML.\\
At line 37 added 3 lines
\\
\\
''
Version Date Modified Size Author Changes ... Change note
25 24-Mar-2024 05:22 2.657 kB Ben Spink to previous
24 05-Dec-2023 05:32 3.231 kB Ben Spink to previous | to last
23 05-Dec-2023 05:32 3.005 kB krivacsz to previous | to last
22 05-Dec-2023 05:32 3.035 kB krivacsz to previous | to last
21 05-Dec-2023 05:32 3.004 kB krivacsz to previous | to last
« This page (revision-25) was last changed on 24-Mar-2024 05:22 by Ben Spink
G’day (anonymous guest)
CrushFTP11 | What's New

Referenced by
LeftMenu

JSPWiki