Public | Automated Build

Last pushed: 3 months ago
Short Description
This container will be deleted once it is merged into master
Full Description

docker-crypt-server-saml

A Docker container for Crypt Server that uses SAML

You will almost certainly need to edit settings.py and provide your own metadata.xml file from your SAML provider.

settings.py changes you will certainly need to make

An example Docker run

Please note that this `docker run` is incomplete, but it shows where to pass metadata.xml and settings.py into the container:

```sh
docker run -d --name="crypt" \
  -p 80:8000 \
  -v /yourpath/metadata.xml:/home/docker/crypt/fvserver/metadata.xml \
  -v /yourpath/settings.py:/home/docker/crypt/fvserver/settings.py \
  --restart="always" \
  macadmins/crypt-server-saml:2.2.0
```

Notes on OneLogin

Your OneLogin configuration should have these minimum settings.

You will also need to configure your Parameters section with the custom IdP fields/values.

  • Ensure these fields are passed in the SAML Assertion

Notes on Okta

Okta has a slightly different implementation, and a few of the tools this container uses, specifically pysaml2 and djangosaml2, do not like it by default. Follow the setup instructions below, making sure to replace the example URL with your own:

  1. Create a new app from the admin portal

    Platform: Web
    Sign on method: SAML 2.0

  2. Under "General Settings", give the app a name, add a logo and modify app visibility as desired.

  3. Under "Configure SAML" enter the following (if no value is given after the colon leave it blank):

    General

    Single sign on URL: https://crypt.example.com/saml2/acs/
    Use this for Recipient URL and Destination URL: Checked
    Allow this app to request other SSO URLs: Unchecked
    Audience URI (SP Entity ID): https://crypt.example.com/saml2/metadata/
    Default RelayState:
    Default RelayState: Unspecified
    Application username: Okta username

    Attribute Statements

    | Name | Format | Value |
    |-----------|-----------|-----------|
    | urn:mace:dir:attribute-def:cn | Basic | ${user.firstName} |
    | urn:mace:dir:attribute-def:sn | Basic | ${user.lastName} |
    | urn:mace:dir:attribute-def:mail | Basic | ${user.email} |
    | urn:mace:dir:attribute-def:uid | Basic | ${user.login} |

    Group Attribute Statements

    Crypt does not support these at this time.

  4. Under "Feedback":

    Are you a customer or partner? I'm an Okta customer adding an internal app
    App type: This is an internal app that we have created

Now that Okta is set up, you will need to modify your settings.py to match. If you used the Attribute Statements above, you should not have to modify the SAML_ATTRIBUTE_MAPPING variable. The metadata file can be downloaded from the application's "Sign On" tab > Settings > SAML 2.0 > "Identity Provider metadata" link. The IdP URLs are found under "Sign On" > Settings > SAML 2.0 > "View Setup Instructions".
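As an added example that is not part of this container or of Crypt, the settings.py fragment below shows the djangosaml2/pysaml2 SP settings that mirror the Okta values above and the attribute-mapping step behind the SAML_ATTRIBUTE_MAPPING note. The hostname and metadata path follow the page; the xmlsec path and the mapping itself are assumptions.

```python
# Added example (not Crypt's or the container's own settings.py): djangosaml2 SP
# settings mirroring the Okta "Configure SAML" values, plus the attribute-mapping
# step. Hostname/metadata path are from the page; xmlsec path and mapping are assumed.
BASE_URL = "https://crypt.example.com"
METADATA_XML = "/home/docker/crypt/fvserver/metadata.xml"  # bind-mounted IdP metadata
BINDING_HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"  # saml2.BINDING_HTTP_POST

SAML_CONFIG = {
    "xmlsec_binary": "/usr/bin/xmlsec1",  # assumed path inside the container
    "entityid": BASE_URL + "/saml2/metadata/",  # = Okta "Audience URI (SP Entity ID)"
    "service": {
        "sp": {
            "endpoints": {
                # = Okta "Single sign on URL"; the SAML response is POSTed here.
                "assertion_consumer_service": [(BASE_URL + "/saml2/acs/", BINDING_HTTP_POST)],
            },
            # The container is published on plain HTTP (-p 80:8000), so the XML
            # signature is what authenticates the IdP response: require it.
            "want_assertions_signed": True,
            "want_response_signed": True,
            "allow_unsolicited": False,  # IdP-initiated logins off unless needed
        }
    },
    "metadata": {"local": [METADATA_XML]},  # Okta's "Identity Provider metadata" file
}

# SAML friendly name -> Django user field(s). pysaml2's built-in basic attribute map
# turns urn:mace:dir:attribute-def:{cn,sn,mail,uid} (Format: Basic) into these
# friendly names, which is why the table above needs no mapping changes.
SAML_ATTRIBUTE_MAPPING = {
    "uid": ("username",),
    "mail": ("email",),
    "cn": ("first_name",),
    "sn": ("last_name",),
}

# Constructed sample: the four Attribute Statements as pysaml2 hands them to djangosaml2.
SAMPLE_AVA = {"cn": ["Ada"], "sn": ["Lovelace"], "mail": ["ada@example.com"], "uid": ["ada"]}


def map_attributes(ava, mapping=SAML_ATTRIBUTE_MAPPING):
    """Apply the djangosaml2-style mapping; fail closed if no username results."""
    fields = {}
    for attr, django_fields in mapping.items():
        values = ava.get(attr)
        if values:  # multi-valued attributes: the first value is used
            for field in django_fields:
                fields[field] = values[0]
    if "username" not in fields:
        raise ValueError("assertion lacks 'uid'; check the Okta Attribute Statements")
    return fields
```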

Help

For more information on what to put in your settings.py, look at https://github.com/knaperek/djangosaml2

Owner
clburlison
