SAML SSO for Squirro#

Security Assertion Markup Language (SAML) is an open standard for single sign-on (SSO) authentication and authorization.

It can be used to log in to Squirro via an identity provider, such as Microsoft ADFS or Google.


SAML Single Sign-On can be enabled by following the steps below:

  1. Set up the identity provider.

  2. Provide a metadata file to Squirro

  3. Enable SAML Single Sign-On within the Squirro application.

Setup Guides#

See the following guides for specific SSO setups:

Identity Provider#

To configure an identity provider, the following information is generally required:

  • Entity ID:

  • Callback URL (or ACS URL): https://SQUIRRO/sso/callback (URL of your Squirro installation plus the path /sso/callback)

  • Name ID: Email, Primary Email, or similar

Configure SAML Metadata#

The identify provider should provide you with a metadata XML file. To configure SAML Single Sign-On with that file, go to the Server space in Squirro and in the navigation on the left select Single Sign-On (SAML).

In the setup screen that you now see, check the Enabled checkbox and select the metadata XML file for upload.


Enable SSO#

For security reasons, the final configuration needs to be done directly on the server. Log into the server using SSH or similar means and edit the file /etc/squirro/frontend.ini. Then append the following lines at the end:

sso_enabled = true
sso_endpoint = http://localhost:81/studio/extauth_saml/extauth

Reduce HTTP Session#

With Single Sign-On enabled, Squirro recommends reviewing the session expiration parameters. See Reducing Session Lifetime for information.