Pandora: Documentation en: saml

From Pandora FMS Wiki
Jump to: navigation, search

1 SAML Single Sign-On with Pandora FMS

SAML is an XML-based open standard for authentication and authorization. Pandora FMS Enterprise can act as a service provider with your internal SAML identity provider.

Template warning.png

Administrators are always authenticated against the local database.

 


1.1 Configuring Pandora FMS

Go to Administration -> Setup -> Authentication and select SAML under Authentication method.

Saml setup.png

1.2 Configuring the service provider

Download [SimpleSamlphp] and install it in /opt/simplesamlphp/. Make sure the file /opt/simplesamlphp/lib/_autoload.php exists. Follow the [SimpleSAMLphp Service Provider QuickStart] guide and configure the service provider. You will need your identity provider's metadata.

1.3 Configuring your identity provider

Configure your identity provider to send the following attributes to the service provider:

  • eduPersonTargetedId: A unique user identifier.
  • commonName: The name of the user.
  • mail: The user's email.
  • schacHomeOrganization: The group the user belongs to. It must exist in your Pandora FMS Console.

1.4 Logging in

Navigate to your Pandora FMS Console and click on the Login button. You will be redirected to your identity provider.

Saml idp.png

After a successful login you will be redirected back to the Pandora FMS Console.