StackStorm / st2

StackStorm (aka "IFTTT for Ops") is event-driven automation for auto-remediation, incident responses, troubleshooting, deployments, and more for DevOps and SREs. Includes rules engine, workflow, 160 integration packs with 6000+ actions (see https://exchange.stackstorm.org) and ChatOps. Installer at https://docs.stackstorm.com/install/index.html
https://stackstorm.com/
Apache License 2.0
6.03k stars 745 forks

SSO/SAML support #5625

Open pimguilherme opened 2 years ago

pimguilherme commented 2 years ago

Hi dear stackstorm maintainers/community!

I've been working on a PR to implement SSO/SAML using whatever we currently have as a base (st2-auth-backend-sso-saml2) and some other bits and pieces of SSO through the main st2 repository.

I asked around in slack if this had any traction and apparently not, so I just went ahead and started implementing some of it because we need that for our strategy at the company I work for.

Are there any other guidelines regarding contribution other than these items? https://github.com/StackStorm/st2/blob/abb694b85f75dc543ecea7df6b87def4bce53309/CONTRIBUTING.rst https://docs.stackstorm.com/development/index.html

I am currently focusing on getting it working on manual tests and will write proper tests afterwards, but can I count on some assistance to further validate/refine this as it progresses?

here's a bit of how it looks so far.. https://user-images.githubusercontent.com/1406885/164324464-29150514-1b5c-415d-bb71-d1e5f2cf568a.mp4

if you have any SAML/SSO material, that would be lovely as well.. currently I've been trying to base the implementation off gravitational/teleport

thanks!!

bertyah commented 1 year ago

+1 for interested parties here. I have been running automation with stackstorm-ha deployed in AWS at my org for the past 6 months and it has been working great. The worst part is user management, so SSO would be amazing.

Let me know if I can do anything to help.

rrahman-nv commented 6 months ago

I am looking to integrate AWS Cognito with st2 for SSO. Do we have any documentation on SSO setup yet? I have st2 set up in AWS EKS, so I am unclear how I can update SSO configs for st2. Is that supported yet?

sidharth61 commented 6 months ago

You can follow this for SSO: https://github.com/StackStorm/st2/issues/5625


sidharth61 commented 6 months ago

This solution worked for me


ArpanBalpande commented 2 months ago

Hi @pimguilherme,

First and foremost, this PR is very helpful and it's surely a lot of work. Thanks for your contribution. I got a chance to try the steps listed at the end of this comment: https://github.com/StackStorm/st2/issues/5625#issuecomment-1192960089

But I'm getting the below error:

8.917 E: Invalid archive signature
8.917 E: Internal error, could not locate member control.tar.{zstlz4gzxzbz2lzma}
8.917 E: Could not read meta data from /tmp/st2.deb
8.917 E: The package lists or status file could not be parsed or opened.

I noticed that the same issue was reported by @rush-skills, here: https://github.com/StackStorm/st2/issues/5625#issuecomment-1268596745

Looks like the .deb package is no longer available at the source. Do you know how I can make this work?

pimguilherme commented 2 months ago

hey @ArpanBalpande, thanks for reaching out! I remember I used to build this package through Circle CI and reference its artifact link.. I will try to rebuild it today and capture the steps

Abhishek1121-tech commented 1 month ago

Solution worked for me as well. Thanks @pimguilherme for sharing the steps above; some extra effort is required to build an image from your branch to run and test. I feel the MRs need to be merged ASAP and made available in the next release. The feature not only helps with single sign-on (SAML2); in combination with RBAC, it becomes more worthwhile by working with AD groups.