SAML2 Configuration

f0cker edited this page Jun 25, 2020 · 1 revision

Specify the location of the metadata (manifest) XML file for your SAML2 IDP service in the config file and add the entity ID, which is usually the server URL. Additionally, set the certificate files. These can be reused from the NGinx certs and will be used to sign requests, though most setups don't sign requests, only the response from the IDP service.

The SAML manifest is a URL pointing to the IDP server's metadata XML. For MS ADFS this is usually located at /FederationMetadata/2007-06/FederationMetadata.xml. The 'meta_file' setting is the local path where a copy of this file is stored.

[auth]
type: saml2
saml_manifest: https://sso.xxx.com/FederationMetadata/2007-06/FederationMetadata.xml
meta_file = /var/crackq/files/saml/idp_meta_file.xml
entity_id = https://crackq.xxx.com
group = domain\Domain Users
sp_cert_file = /var/crackq/files/saml/certificate.pem
sp_key_file = /var/crackq/files/saml/private.key
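As an added example (not part of the CrackQ project or this wiki page), the following Python script shows what a pre-flight check of the [auth] section and of the downloaded IDP metadata can look like: it parses the section with the standard library's configparser, confirms the required keys are present and that the URLs use https, checks the SP certificate and private key files (and that the key is not group/world readable), and then summarises the IDP metadata XML, listing the IDP entityID, its signing certificate(s) and SingleSignOnService endpoints. The config text and the trimmed ADFS-style metadata embedded below are constructed samples with example.com hosts and a placeholder certificate; the function names are my own, not CrackQ's.

```python
import configparser
import os
import xml.etree.ElementTree as ET

# SAML metadata and XML-DSig namespaces used in IdP metadata documents.
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Keys the [auth] section on the page uses besides "type".
REQUIRED_KEYS = ("saml_manifest", "meta_file", "entity_id",
                 "group", "sp_cert_file", "sp_key_file")

# Constructed sample of the [auth] section (example.com hosts, not a real deployment).
SAMPLE_CONFIG = """
[auth]
type: saml2
saml_manifest: https://sso.example.com/FederationMetadata/2007-06/FederationMetadata.xml
meta_file = /var/crackq/files/saml/idp_meta_file.xml
entity_id = https://crackq.example.com
group = domain\\Domain Users
sp_cert_file = /var/crackq/files/saml/certificate.pem
sp_key_file = /var/crackq/files/saml/private.key
"""

# Constructed, heavily trimmed metadata in the shape ADFS publishes at
# /FederationMetadata/2007-06/FederationMetadata.xml; the certificate is a placeholder.
SAMPLE_IDP_METADATA = """<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://sso.example.com/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>PLACEHOLDER-BASE64-CERT</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sso.example.com/adfs/ls/"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sso.example.com/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def check_auth_section(config_text):
    """Parse the [auth] section and return a list of problems (empty list means OK)."""
    cp = configparser.ConfigParser(interpolation=None)  # no %-interpolation surprises
    cp.read_string(config_text)
    if not cp.has_section("auth"):
        return ["missing [auth] section"]
    auth = cp["auth"]
    problems = []
    if auth.get("type") != "saml2":
        problems.append("type must be saml2")
    for key in REQUIRED_KEYS:
        if not auth.get(key):
            problems.append(f"missing {key}")
    # Metadata fetches and the SP entity ID should both be https URLs.
    for key in ("saml_manifest", "entity_id"):
        val = auth.get(key, "")
        if val and not val.startswith("https://"):
            problems.append(f"{key} should be an https:// URL, got {val!r}")
    return problems


def check_key_files(auth):
    """Report SP cert/key problems: missing files, or a private key readable by others."""
    problems = []
    for key in ("sp_cert_file", "sp_key_file"):
        path = auth[key]
        if not os.path.isfile(path):
            problems.append(f"{key}: {path} does not exist")
            continue
        if key == "sp_key_file" and os.stat(path).st_mode & 0o077:
            problems.append(f"{key}: {path} is readable by group/other; use mode 0600")
    return problems


def summarize_idp_metadata(xml_text):
    """Extract the fields an admin should verify in the downloaded IdP metadata."""
    # Treat the metadata as untrusted input; ElementTree does not resolve external entities.
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    # KeyDescriptors without a "use" attribute cover both signing and encryption.
    signing_certs = [c.text.strip()
                     for kd in idp.findall("md:KeyDescriptor", NS)
                     if kd.get("use", "signing") == "signing"
                     for c in kd.findall(".//ds:X509Certificate", NS)]
    sso = {s.get("Binding").rsplit(":", 1)[-1]: s.get("Location")
           for s in idp.findall("md:SingleSignOnService", NS)}
    insecure = [loc for loc in sso.values() if not loc.startswith("https://")]
    return {"entity_id": root.get("entityID"), "signing_certs": signing_certs,
            "sso_endpoints": sso, "insecure_endpoints": insecure}


if __name__ == "__main__":
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(SAMPLE_CONFIG)
    print("config problems:", check_auth_section(SAMPLE_CONFIG) or "none")
    print("key file problems:", check_key_files(cp["auth"]) or "none")
    summary = summarize_idp_metadata(SAMPLE_IDP_METADATA)
    print("IdP entityID:", summary["entity_id"])
    print("signing certs:", len(summary["signing_certs"]))
    for binding, location in summary["sso_endpoints"].items():
        print(f"  {binding}: {location}")
    print("non-https endpoints:", summary["insecure_endpoints"] or "none")
```

Run it against your real config by replacing SAMPLE_CONFIG with the file contents and SAMPLE_IDP_METADATA with the contents of meta_file. Note that an ADFS entityID is conventionally an http:// identifier (it is a name, not a fetch URL), so only the SingleSignOnService locations are checked for https.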

Generate a metadata file for our side (the SP) by running the following command:

sudo docker exec -it crackq make_metadata.py ./crackq/sp_conf.py > /<insert-accessible-path>/sp_meta_file.xml

The resulting SP metadata file is what the authenticating IDP server imports to allow the CrackQ server to act as the SP, so the next step is to import it there; it can be handed to the IDP administrators to permit authentication from this SP (CrackQ).

Also specify the group to use for authorization requests; in the case of MS ADFS this is the domain group.