Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Introduction

Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications. The service authenticates the end user for all the applications the user has rights to and eliminates further prompts when the user switches applications during the same session. On the back end, SSO is helpful for logging user activities as well as monitoring user accounts

Prerequisite

  • Server should implement https protocol with Apache Httpd

  • The SSO integration implemented using the SAML protocol

  • Client should have relevant SSO IDP details and configure SSO in SSO provider portal.

  • We might also need SSO provider jks file to import it in our file.

Enable SSO

  1. Mark “enableSSO” as true in server-config.json

  2. Mark “ssoEnabled” as true in uiConfig.json

  3. Open grafana default.ini file and enable following [auth.proxy] section, do not change other property[auth.proxy]
    enabled = true
    header_name = X-WEBAUTH-USER
    header_property = username
    auto_sign_up = true
    ldap_sync_ttl = 60
    whitelist =
    headers =

 4. Add following in Apache Httpd vhost file Apache24\conf\extra\httpd-vhosts.conf

SetEnvIf Cookie "(^|;\ *)username=([^;\ ]+)" MyCookieValue=$2
RequestHeader set X-WEBAUTH-USER "%{MyCookieValue}e"

 5. Restart Apache httpd server and Grafana

6. Add your SAML or SSO provider detail in server.config.json under “singleSignOnConfig” section

1

Key

Description

2

entityId:

Identifier (Entity ID) for your SMAL configuration

3

appId:

copy app id from App Federation Metadata Url

4

metadataUrl:

App Federation Metadata Url

5

metdataFilePath :

Download SAML Signing Certificate from sso provider site and store it in INSIGHTS_HOME

6

keyStoreFilePath:

path of certificae like saml-keystore.jks, Download this certificate from your sso provider URL 

7

keyAlias:

saml-keystore.jks username

8

keyPass:

saml-keystore.jks password

9

keyStorePass :

saml-keystore.jks password

10

appBaseUrl :

Application service Host URL https://<HostOrDomainName>/PlatformService

11

relayStateUrl :

SSO login UI page URL https://<HostOrDomainName>/app/#/ssologin

12

defaultTargetUrl :

Application user authenticate url https://<HostOrDomainName>/user/authenticate

13

postLogoutURL :

SAML or SSO provider logout URL, Example value https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0

14

tokenSigningKey:

This is use as secrete key to sign JWT token,It should be 128 character ,Example value:"insights_IDP_CogDevops_SSO_Token_string"

  • No labels

©2021 Cognizant, all rights reserved. US Patent 10,410,152