SAML SSO for Squirro
Security Assertion Markup Language (SAML) is an open standard for single sign-on (SSO) authentication and authorization.
It can be used to log in to Squirro via an identity provider, such as Microsoft ADFS or Google.
SAML Single Sign-On can be enabled by following the steps below:
1. Set up the identity provider.
2. Provide a metadata file to Squirro.
3. Enable SAML Single Sign-On within the Squirro application.
See the following guides for specific SSO setups:
To configure an identity provider, the following information is generally required:
Callback URL (or ACS URL): https://SQUIRRO/sso/callback (URL of your Squirro installation plus the path
Primary Email, or similar
Configure SAML Metadata
The identity provider should provide you with a metadata XML file. To configure SAML Single Sign-On with that file, go to the Server space in Squirro and, in the navigation on the left, select Single Sign-On (SAML).
In the setup screen that appears, check the Enabled checkbox and select the metadata XML file for upload.
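Before uploading, the metadata file can be checked locally. The following is an added example, not part of Squirro or of the original page: it confirms that the file is well-formed SAML 2.0 metadata with an identity provider descriptor, a signing certificate, and HTTPS sign-on endpoints. The function name, the sample document, and the host idp.example.test are assumptions made for illustration. It does not verify certificate validity or any signature on the metadata.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD}

# Constructed sample metadata (idp.example.test is a placeholder, not a real IdP).
SAMPLE = b"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/saml">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>Q09OU1RSVUNURUQ=</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Location="https://idp.example.test/sso"
   Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
 </md:IDPSSODescriptor></md:EntityDescriptor>"""


def check_idp_metadata(data: bytes) -> list:
    """Return a list of problems; an empty list means the basic checks passed."""
    # SAML metadata never needs a DTD, so reject one before parsing.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        return ["DTD or entity declaration present; refusing to parse"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    # iter() also yields the root: handles EntityDescriptor and EntitiesDescriptor.
    ents = [e for e in root.iter(f"{{{MD}}}EntityDescriptor")
            if e.find("md:IDPSSODescriptor", NS) is not None]
    problems = [] if ents else ["no IDPSSODescriptor found"]
    for ent in ents:
        idp = ent.find("md:IDPSSODescriptor", NS)
        name = ent.get("entityID") or "(no entityID)"
        if not ent.get("entityID"):
            problems.append("EntityDescriptor without entityID")
        # A KeyDescriptor with no 'use' attribute also covers signing.
        certs = [c for kd in idp.findall("md:KeyDescriptor", NS)
                 if kd.get("use") in (None, "signing")
                 for c in kd.iter(f"{{{DS}}}X509Certificate") if (c.text or "").strip()]
        if not certs:
            problems.append(f"{name}: no signing certificate")
        locs = [s.get("Location", "") for s in idp.findall("md:SingleSignOnService", NS)]
        if not locs:
            problems.append(f"{name}: no SingleSignOnService")
        problems += [f"{name}: SSO endpoint is not HTTPS: {loc}"
                     for loc in locs if not loc.lower().startswith("https://")]
    return problems
```

To check a real file, pass its bytes to the function, for example `check_idp_metadata(open("metadata.xml", "rb").read())`, where metadata.xml is a placeholder file name.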
For security reasons, the final configuration needs to be done directly on the server. Log into the server using SSH or similar means and edit the file /etc/squirro/frontend.ini. Then append the following lines at the end:
sso_enabled = true
sso_endpoint = http://localhost:81/studio/extauth_saml/extauth
Reduce HTTP Session
With Single Sign-On enabled, Squirro recommends reviewing the session expiration parameters. See Reducing Session Lifetime for information.