Public | Automated Build

Last pushed: a day ago
Short Description
Sal Container with SAML
Full Description


A Docker container for Sal that uses SAML

You will almost certainly need to edit and provide your own metadata.xml file from your SAML provider.

The following instructions are provided as a best effort to help get started. They might require modifications to meet specific environments. changes you will certainly need to make

An example Docker run

Please note that this docker run is incomplete, but shows where to pass the metadata.xml and Also note, latest in the below run should not be used unless you have a real reason (needing a development version). When performing docker run, you should substitute latest for the latest tagged release.

docker run -d --name="sal" \
-p 80:8000 \
-v /yourpath/metadata.xml:/home/docker/sal/sal/metadata.xml \
-v /yourpath/ \
--restart="always" \

Notes on OneLogin

  1. In the OneLogin admin portal click on Apps > Add Apps.
  2. Search for SAML Test Connector (IdP). Click on this option.
  3. Give the application a display name, upload a icon if you wish, and then click save.
  4. Under "Configuration" tab, you will need at least the minimum settings shown below:
  5. Under the "Parameters" tab, you will need to add the custom iDP Fields/Values. The process looks like:

    • Click "Add parameter"
      • Field name: FIELD_NAME
      • Flags: Check the Include in SAML assertion
    • Now click on the created field and set the appropriate FIELD_VALUE based on the table below.

      Repeat the above steps for all required fields:

      | urn:mace:dir:attribute-def:cn | First Name |
      | urn:mace:dir:attribute-def:sn | Last Name |
      | urn:mace:dir:attribute-def:mail | Email |
      | urn:mace:dir:attribute-def:uid | Email name part |

  6. Under the "SSO" tab, download the "Issuer URL" metadata file. This will be mounted in your docker container (see above).

  7. Under the "SSO" tab, you will find the "SAML 2.0 Endpoint" and "SLO Endpoint" which will go into the > idp section.
  8. Lastly, "Save" the SAML Test Connector (IdP).

Notes on Okta

Okta has a slightly different implementation and a few of the tools that this container uses, specifically pysaml2 and djangosaml2, do not like this implementation by default. Please follow the setup instructions, make sure to replace the example URL:

  1. Create a new app from the admin portal

    Platform: Web
    Sign on method: SAML 2.0

  2. Under "General Settings", give the app a name, add a logo and modify app visibility as desired.

  3. Under "Configure SAML" enter the following (if no value is given after the colon leave it blank):


    Single sign on URL:
    Use this for Recipient URL and Destination URL: Checked
    Allow this app to request other SSO URLs: Unchecked (If this option is available)
    Audience URI (SP Entity ID):
    Default RelayState: Unspecified
    Application username: Okta username

    Attribute Statements

    | Name | Format | Value |
    | urn:mace:dir:attribute-def:cn | Basic | ${user.firstName} |
    | urn:mace:dir:attribute-def:sn | Basic | ${user.lastName} |
    | urn:mace:dir:attribute-def:mail | Basic | ${} |
    | urn:mace:dir:attribute-def:uid | Basic | ${user.login} |

    Group Attribute Statements

    Sal does not support these at this time.

  4. Under "Feedback":

    Are you a customer or partner? I'm an Okta customer adding an internal app
    App type: This is an internal app that we have created

  5. Download the metadata file from: "Sign On" tab > Settings > SAML 2.0 > "Identity Provider metadata" link

    • Rename the file to metadata.xml to match the docker run example. Make sure to move this file to the correct location on your docker host.
  6. Under "Sign On" tab > Settings > SAML 2.0 > "View Setup Instructions", you will find the "Identity Provider Single Sign-On URL" and "Identity Provider Issuer" which will go into the > idp section.


For more information on what to put in your, look at
Also, swing by the #sal channel on the MacAdmins slack team (

Docker Pull Command
Source Repository