Open holtgrewe opened 3 years ago
Unfortunately, it is not as easy as "just" following the documentation. In the end a few changes to the Dockerfiles etc. are necessary.
Note: I have implemented/tested the SAML setup against a Keycloak IDP. Mileage may vary for other IDPs, especially around the attributes.
The code I used to have a working SAML login in VarFish is provided in the pull request https://github.com/bihealth/varfish-server/pull/146. Changes are overall pretty basic. To authenticate against a Keycloak SAML endpoint, I have used the following attributes map in addition to the code changes in a Docker environment:
```python
'ATTRIBUTES_MAP': {
    'email': 'urn:oid:1.2.840.113549.1.9.1',
    'username': 'username',
    'first_name': 'urn:oid:2.5.4.42',
    'last_name': 'urn:oid:2.5.4.4',
},
```
Additionally, I added the key files and metadata.xml into a volume passed to the varfish container. The other attributes in the .env file are set as described in the sodar-core documentation (minus the typo around IDP/IPD/IPO).
It would also be nice to introduce some redirect to sso/login from the standard login page or a button to this extent.
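A pre-flight check for the attribute map quoted above, added here as an example (it is not code from the pull request or from sodar-core): it parses a SAML AttributeStatement and reports which mapped user fields the IdP did not supply, which is where other IdPs tend to differ. The sample XML and the function name `resolve_user_fields` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Attribute map from the comment above: local user field -> SAML attribute name.
ATTRIBUTES_MAP = {
    "email": "urn:oid:1.2.840.113549.1.9.1",
    "username": "username",
    "first_name": "urn:oid:2.5.4.42",
    "last_name": "urn:oid:2.5.4.4",
}

# Constructed sample AttributeStatement (not captured from a real IdP).
# last_name (urn:oid:2.5.4.4) is deliberately absent.
SAMPLE_STATEMENT = """
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="urn:oid:1.2.840.113549.1.9.1">
    <saml:AttributeValue>jane@example.org</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="username">
    <saml:AttributeValue>jane</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="urn:oid:2.5.4.42">
    <saml:AttributeValue>Jane</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""


def resolve_user_fields(statement_xml, attributes_map):
    """Return (fields, missing) for a statement checked against the map."""
    root = ET.fromstring(statement_xml)
    received = {}
    for attr in root.findall(".//saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", SAML_NS)]
        received[attr.get("Name")] = [v for v in values if v]
    fields, missing = {}, []
    for field, saml_name in attributes_map.items():
        values = received.get(saml_name)
        if values:
            fields[field] = values[0]   # first non-empty value wins
        else:
            missing.append((field, saml_name))  # absent or empty
    return fields, missing


if __name__ == "__main__":
    print(resolve_user_fields(SAMPLE_STATEMENT, ATTRIBUTES_MAP))
```

This only checks attribute presence against the map; it does not validate the assertion's signature or conditions, which remains the job of the SAML library.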
@stolpeo @mikkonie This looks like a sodar-core related issue to me. Is this correct?
Is your feature request related to a problem? Please describe.
SAML is useful for authentication. VarFish should already have support for it as sodar-core does. We have not tested this yet and we need to document it.

Describe the solution you'd like
Test setup and document the environment variables. Refer to SODAR-core documentation on how to configure details such as Keycloak.

Describe alternatives you've considered
N/A

Additional context
N/A