Configuring for SAML Authentication
Warning
Chef Manage is deprecated and no longer under active development. It is supported on Chef Automate installations up to version 1.8 and replaced by Chef Automate 2.0. Contact your Chef account representative for information about upgrading your system. See our Automate documentation to learn more about Chef Automate 2.
This document is no longer maintained.
Chef Manage can log users in via SAML authentication. To do so, there must be a Chef Automate Server that is configured to act as a SAML Identity Provider (IdP). When the Chef Automate Server is configured this way, it provides an OpenID Connect (OIDC) protocol endpoint that Chef Manage can use to initiate authentication.
Configuring Chef Manage
To configure the Chef Infra Server management console, first add the following code to /etc/chef-manage/manage.rb:
saml.enabled true
saml.issuer_url '<AUTOMATE OIDC ENDPOINT>'
Second, store your OIDC client credentials using the Secrets Management commands:
chef-server-ctl set-secret saml client_id '<CLIENT ID>'
chef-server-ctl set-secret saml client_secret '<CLIENT SECRET>'
The issuer_url property should be set to something like 'https://<yourChefAutomateDomain>/api/v0'. Also, the client_id must be known to the Chef Automate server. For development purposes only, you may also need to turn off the TLS verification for the OIDC client by adding
saml.verify_tls false
to your Chef Manage configuration.
Finally, run chef-manage-ctl reconfigure to apply these settings.
© Chef Software, Inc.
Licensed under the Creative Commons Attribution 3.0 Unported License.
https://docs.chef.io/server_configure_saml/