
SAML Configuration

SAML configuration allows you to customize various aspects of the SAML-based Single Sign-On (SSO) integration in the Privacera Portal. These settings help fine-tune the SSO experience to align with your organization's specific needs. Available configuration options include:

  • SAML Skew Time: SAML skew time provides a buffer for time discrepancies between the Identity Provider (IdP) and the Privacera Portal during SAML authentication. Proper configuration of the skew time helps prevent authentication failures caused by clock mismatches.

  • Global Logout URL: This configuration enables or disables the global logout URL functionality. When enabled, users are redirected to a specified URL upon logging out, which can be useful for directing them to a custom logout page or another application.

  • Force Authentication: This configuration enables or disables the SAML ForceAuthn option on authentication requests sent to the IdP. When enabled, the IdP is asked to re-authenticate the user rather than reuse an existing IdP session, which is useful when the Privacera Portal should require a fresh login even for users already signed in to other IdP-connected applications.

Custom SAML Configuration

  1. SSH into the instance where Privacera Manager is installed.

  2. Navigate to the configuration directory:

    Bash
    cd ~/privacera/privacera-manager/config
    

  3. Copy the sample variables to the custom variables directory if they are not already present:

    Bash
    cp -n sample-vars/vars.portal.yml custom-vars/vars.portal.yml
    

  4. Open the vars.portal.yml file for editing:

    Bash
    vi custom-vars/vars.portal.yml
    

  5. Locate the variable for skew time and uncomment it. Then, set the desired skew time in seconds.

    YAML
    #### Uncomment the variable to set the skew time in seconds
    SAML_RESPONSE_SKEW_SEC: <SKEW_TIME_IN_SECONDS>
    

    Example:

    YAML
    SAML_RESPONSE_SKEW_SEC: 300
    

  6. Locate the variable for enabling the global logout URL and uncomment it. Set it to true or false:

    YAML
    #### Uncomment the variable to enable or disable the global logout URL
    SAML_GLOBAL_LOGOUT: <true_or_false>
    

    Example:

    YAML
    SAML_GLOBAL_LOGOUT: true
    

  7. Locate the variable for force authentication and uncomment it. Set it to true or false:

    YAML
    #### Uncomment the variable to enable or disable force authentication
    SAML_FORCE_AUTHN: <true_or_false>
    

    Example:

    YAML
    SAML_FORCE_AUTHN: true
    

  8. Save and close the file.
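To make the effect of the skew setting concrete, here is an added example (not Privacera's code, and not how the Portal is implemented internally) of how a Service Provider applies a skew window to the timestamps an IdP puts in a SAML assertion. The Assertion document, the clock values and the `time_condition_violations` function are all constructed for this illustration; the 300-second value matches the example in step 5. The script shows the failure mode the skew time exists for (an IdP clock running ahead of the Portal, so `NotBefore` lands in the Portal's future) and also shows that the same skew widens the window on the `NotOnOrAfter` side, which is why the value should stay small.

```python
"""Added example: applying a SAML skew window to assertion time conditions.

Not Privacera's code. It assumes the Service Provider validates the
Conditions and SubjectConfirmationData timestamps of a SAML 2.0 Assertion
and relaxes each bound by a configured skew, which is what a setting such
as SAML_RESPONSE_SKEW_SEC expresses. The assertion below is a constructed,
minimal, unsigned sample used only to drive the check.
"""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion. The IdP stamps NotBefore with its own clock,
# so if the IdP clock runs ahead of the Portal, NotBefore is in the Portal's future.
SAMPLE_ASSERTION = """
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed-example" Version="2.0"
                IssueInstant="2024-05-01T10:02:00Z">
  <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice@example.test</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData NotOnOrAfter="2024-05-01T10:07:00Z"
                                    Recipient="https://portal.example.test/saml/acs"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T10:02:00Z" NotOnOrAfter="2024-05-01T10:07:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://portal.example.test</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>
""".strip()


def parse_saml_time(value):
    """SAML timestamps are xsd:dateTime in UTC, e.g. 2024-05-01T10:02:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def time_condition_violations(assertion_xml, now, skew_sec):
    """Return the list of time-condition violations; an empty list means accepted.

    NotBefore (inclusive) is moved back by the skew, NotOnOrAfter (exclusive)
    is moved forward by it, so the skew widens the acceptance window on both sides.
    """
    skew = timedelta(seconds=skew_sec)
    root = ET.fromstring(assertion_xml)
    violations = []

    # Every element that carries validity bounds: Conditions plus each
    # SubjectConfirmationData of a bearer confirmation.
    checks = []
    conditions = root.find("saml:Conditions", SAML_NS)
    if conditions is not None:
        checks.append(("Conditions", conditions.attrib))
    for scd in root.findall(".//saml:SubjectConfirmationData", SAML_NS):
        checks.append(("SubjectConfirmationData", scd.attrib))

    for where, attrs in checks:
        not_before = attrs.get("NotBefore")
        not_on_or_after = attrs.get("NotOnOrAfter")
        if not_before and now < parse_saml_time(not_before) - skew:
            violations.append(f"{where}: NotBefore {not_before} is still in the future beyond skew")
        if not_on_or_after and now >= parse_saml_time(not_on_or_after) + skew:
            violations.append(f"{where}: NotOnOrAfter {not_on_or_after} has passed beyond skew")
    return violations


if __name__ == "__main__":
    # Portal clock is 90 seconds behind the IdP clock that issued the assertion.
    portal_now = parse_saml_time("2024-05-01T10:00:30Z")
    for skew in (0, 300):
        result = time_condition_violations(SAMPLE_ASSERTION, portal_now, skew)
        print(f"skew={skew}s:", result or "accepted")
    # Long after expiry the skew no longer helps, which is the intended behaviour.
    print("expired:", time_condition_violations(SAMPLE_ASSERTION, parse_saml_time("2024-05-01T10:12:00Z"), 300))
```

With skew 0 the assertion is rejected because its `NotBefore` is 90 seconds ahead of the Portal clock; with the step 5 value of 300 seconds it is accepted. The same 300 seconds also lets an assertion be accepted for five minutes past its `NotOnOrAfter`, so fix the underlying clock drift with NTP where you can and keep the skew to the smallest value that stops spurious failures.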

Deploying the Service

  1. Generate the Helm charts. This step prepares the required Kubernetes configurations for deploying the Privacera services.

    Bash
    # This step usually takes a few minutes.
    ./privacera-manager.sh setup
    

  2. Apply the Helm charts. This will deploy the Privacera services to your Kubernetes cluster and may take a few minutes.

    Bash
    ./pm_with_helm.sh upgrade
    

  3. Perform post-installation steps, such as generating the plugin tarball and updating Route 53 DNS. These steps are essential to finalize the deployment and ensure that all services are properly configured.

    Bash
    ./privacera-manager.sh post-install
    

By customizing these SAML configurations, you can enhance the security, usability, and overall functionality of your SSO integration with the Privacera Portal.
