Is this still accurate for supported idp providers?

brad · July 5, 2021, 8:27pm

Is this still accurate for supported idp providers? https://docs.chef.io/automate/saml/

scottR · July 5, 2021, 9:03pm

Yes? How do you mean?

brad · July 5, 2021, 10:03pm

I didn’t know if there were any new providers incoming or that haven’t been added that are supported. Looking for Shibboleth support.

scottR · July 5, 2021, 10:47pm

Ah, OK. I’ll leave that for someone else who knows.
For what it’s worth, our org did the legwork to get Azure AD support running and contributed that back. You might be able to do the same for Shibboleth.

rosanna · July 5, 2021, 11:25pm

Shib is just saml2 compliant, so there’s good chances it would work as-is

scottR · July 6, 2021, 1:23am

Azure AD is saml2 also, but it took our AD and SAML experts a bit to work out the extra few bits of config to make it work.

rosanna · July 6, 2021, 2:00am

Well Saml2 as made by ADFS is a bit complex, specially on the ADFS side to configure what is to be given in the ‘token’ (sorry I forgot the proper term)

rosanna · July 6, 2021, 2:31am

The complex part is the usually the group membership, the Auth itself is ‘standard’