From 7c891e9c75759cacc79911aedebc9c9f13cc2084 Mon Sep 17 00:00:00 2001
From: Kevin Bimonte
Date: Sun, 22 Sep 2024 11:42:12 -0400
Subject: [PATCH] feat: Add SAML Authorization Operations File (#257)
---
cluster/operations/generic-saml.yml | 30 +++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
create mode 100644 cluster/operations/generic-saml.yml
diff --git a/cluster/operations/generic-saml.yml b/cluster/operations/generic-saml.yml
new file mode 100644
index 0000000..7ddef84
--- /dev/null
+++ b/cluster/operations/generic-saml.yml
@@ -0,0 +1,30 @@
+#
+# This operations file will configure web to accept SAML Auth via an
+# external provider.
+#
+# It will add the SAML Auth Properties to web along with user and group
+# properties to set the user and group binds
+#
+---
+- type: replace
+ path: /instance_groups/name=web/jobs/name=web/properties/saml_auth?
+ value:
+ ca_cert: ((saml_auth_ca_cert))
+ display_name: ((saml_auth_display_name))
+ email_attr: ((saml_auth_email_attr))
+ entity_issuer: ((saml_auth_entity_issuer))
+ groups_attr: ((saml_auth_groups_attr))
+ groups_delim: ((saml_auth_groups_delim))
+ insecure_skip_verify: ((saml_auth_insecure_skip_verify))
+ name_id_policy_format: ((saml_auth_name_id_policy_format))
+ sso_issuer: ((saml_auth_sso_issuer))
+ sso_url: ((saml_auth_sso_url))
+ username_attr: ((saml_auth_username_attr))
+
+- type: replace
+ path: /instance_groups/name=web/jobs/name=web/properties/main_team?/auth/saml/users
+ value: ((main_team.saml.saml_users))
+
+- type: replace
+ path: /instance_groups/name=web/jobs/name=web/properties/main_team?/auth/saml/groups
+ value: ((main_team.oauth.saml_groups))
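Review bot: The last operation binds the main team's SAML groups from `((main_team.oauth.saml_groups))`, while the users operation directly above it reads `((main_team.saml.saml_users))`; the `oauth` segment looks like a copy-paste leftover and should probably be `value: ((main_team.saml.saml_groups))` so both authorization bindings come from the same variable tree. As written, an operator who fills in only `main_team.saml` would presumably hit a failed interpolation, or have main-team group membership taken from an unrelated key if `main_team.oauth` happens to exist. Separately, `insecure_skip_verify` is wired to a required variable with no guidance on its value; the header comment could add `# saml_auth_insecure_skip_verify should be false outside of test environments` so the verification-disabling setting is never supplied as true by habit.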