author | Ricardo Marques <rimarques@suse.com> | 2018-06-11 11:29:08 +0200 |
---|---|---|
committer | Ricardo Marques <rimarques@suse.com> | 2018-11-08 16:27:37 +0100 |
commit | 04f4d5053e2181ba70731ce2d253af208dadc7f1 (patch) | |
tree | 8b7f1f0aa3d1633450a401e752b46f3267d8abae /doc | |
parent | Merge pull request #24817 from tone-zhang/wip-64-assert (diff) | |
mgr/dashboard: SAML 2.0 support
Fixes: https://tracker.ceph.com/issues/24268
Signed-off-by: Ricardo Dias <rdias@suse.com>
Signed-off-by: Ricardo Marques <rimarques@suse.com>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/mgr/dashboard.rst | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/doc/mgr/dashboard.rst b/doc/mgr/dashboard.rst index ac21ab42200..5d938169229 100644 --- a/doc/mgr/dashboard.rst +++ b/doc/mgr/dashboard.rst 
@@ -319,6 +319,53 @@ You need to tell the dashboard on which url Grafana instance is running/deployed The format of url is : `<protocol>:<IP-address>:<port>` You can directly access Grafana Instance as well to monitor your cluster. +Enabling Single Sign-On (SSO) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The Ceph Manager Dashboard supports external authentication of users via the +`SAML 2.0 <https://en.wikipedia.org/wiki/SAML_2.0>`_ protocol. You need to create +the user accounts and associate them with the desired roles first, as authorization +is still performed by the Dashboard. However, the authentication process can be +performed by an existing Identity Provider (IdP). + +.. note:: + Ceph Dashboard SSO support relies on onelogin's + `python-saml <https://pypi.org/project/python-saml/>`_ library. + Please ensure that this library is installed on your system, either by using + your distribution's package management or via Python's `pip` installer. + +To configure SSO on Ceph Dashboard, you should use the following command:: + + $ ceph dashboard sso setup saml2 <ceph_dashboard_base_url> <idp_metadata> {<idp_username_attribute>} {<idp_entity_id>} {<sp_x_509_cert>} {<sp_private_key>} + +Parameters: + +- **<ceph_dashboard_base_url>**: Base URL where Ceph Dashboard is accessible (e.g., `https://cephdashboard.local`) +- **<idp_metadata>**: URL, file path or content of the IdP metadata XML (e.g., `https://myidp/metadata`) +- **<idp_username_attribute>** *(optional)*: Attribute that should be used to get the username from the authentication response. Defaults to `uid`. +- **<idp_entity_id>** *(optional)*: Use this when more than one entity id exists on the IdP metadata. +- **<sp_x_509_cert> / <sp_private_key>** *(optional)*: File path or content of the certificate that should be used by Ceph Dashboard (Service Provider) for signing and encryption. + + +To display the current SAML 2.0 configuration, use the following command:: + + $ ceph dashboard sso show saml2 + +.. 
note:: + For more information about `onelogin_settings`, please check the `onelogin documentation <https://github.com/onelogin/python-saml>`_. + +To disable SSO:: + + $ ceph dashboard sso disable + +To check if SSO is enabled:: + + $ ceph dashboard sso status + +To enable SSO:: + + $ ceph dashboard sso enable saml2 + Accessing the dashboard ^^^^^^^^^^^^^^^^^^^^^^^ |
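Review bot: In the parameter list, `<sp_x_509_cert> / <sp_private_key>` is described as "File path or content of the certificate", which also covers the private key and invites passing key material as a command-line argument, where it ends up in shell history and process listings. Suggest documenting the key separately from the certificate, recommending the file-path form for it, and stating what happens to signing and encryption when both are omitted, since they are marked optional. Because the optional arguments are positional, it would also help to say that `<idp_username_attribute>` and `<idp_entity_id>` have to be supplied in order to reach the certificate and key. The note after `sso show saml2` refers to `onelogin_settings` without saying where that name appears; one sentence introducing it is needed. Finally, the text does not say whether `sso setup saml2` turns SSO on by itself or whether `sso enable saml2` must follow; either state that or move the enable command next to setup instead of after disable and status.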