From e476ee8db964b03decf3091729bd9b4d62beb61a Mon Sep 17 00:00:00 2001 From: Darshit Chanpura <35282393+DarshitChanpura@users.noreply.github.com> Date: Fri, 1 Mar 2024 11:44:29 -0500 Subject: [PATCH] Updates SAML demo setup documentation (#6532) * Updates SAML demo setup documentation Signed-off-by: Darshit Chanpura * Updates some language around steps Signed-off-by: Darshit Chanpura * Deleted old saml zip Signed-off-by: Darshit Chanpura * Fixes vale errors Signed-off-by: Darshit Chanpura * Fixes style check Signed-off-by: Darshit Chanpura * Address PR feedback Signed-off-by: Darshit Chanpura * Addresses more comments Signed-off-by: Darshit Chanpura * Adds onboarding as part of vocab Signed-off-by: Darshit Chanpura * Changes the sentence phrase Signed-off-by: Darshit Chanpura * Addresses more feedback Signed-off-by: Darshit Chanpura --------- Signed-off-by: Darshit Chanpura --- .../styles/Vocab/OpenSearch/Words/accept.txt | 1 + _security/authentication-backends/saml.md | 48 +++++++++--------- assets/examples/saml-example-custom.zip | Bin 5337 -> 0 bytes 3 files changed, 24 insertions(+), 25 deletions(-) delete mode 100644 assets/examples/saml-example-custom.zip diff --git a/.github/vale/styles/Vocab/OpenSearch/Words/accept.txt b/.github/vale/styles/Vocab/OpenSearch/Words/accept.txt index d86d1769..0a14e17e 100644 --- a/.github/vale/styles/Vocab/OpenSearch/Words/accept.txt +++ b/.github/vale/styles/Vocab/OpenSearch/Words/accept.txt @@ -77,6 +77,7 @@ Levenshtein [Mm]ultiword [Nn]amespace [Oo]versamples? +[Oo]nboarding pebibyte [Pp]erformant [Pp]luggable diff --git a/_security/authentication-backends/saml.md b/_security/authentication-backends/saml.md index e4f94b43..ee6e2184 100755 --- a/_security/authentication-backends/saml.md +++ b/_security/authentication-backends/saml.md 
@@ -19,37 +19,35 @@ This profile is meant for use with web browsers. It is not a general-purpose way We provide a fully functional example that can help you understand how to use SAML with OpenSearch Dashboards. -1. Download [the example zip file]({{site.url}}{{site.baseurl}}/assets/examples/saml-example-custom.zip) to a preferred location in your directory and unzip it. -1. At the command line, specify the location of the files in your directory and run `docker-compose up`. -1. Review the files: +1. Visit the [saml-demo branch](https://github.com/opensearch-project/demos/tree/saml-demo) of the demos repository and download it to a folder of your choice. If you're not familiar with how to use GitHub, see the [OpenSearch onboarding guide](https://github.com/opensearch-project/demos/blob/main/ONBOARDING.md) for instructions. - * `customize-docker-compose.yml`: Defines two OpenSearch nodes, an OpenSearch Dashboards server, and a SAML server. - * `customize-opensearch_dashboards.yml`: Includes SAML settings for the default `opensearch_dashboards.yml` file. - * `customize-config.yml`: Configures SAML for authentication. +1. Navigate to the `demo` folder: + ```zsh + $ cd /demo + ``` - You can remove "customize" from the file names if you plan to modify and keep these files for production. - {: .tip } +1. Review the following files, as needed: -1. In the `docker-compose.yml` file, specify your OpenSearch version number in the `image` field for nodes 1 and 2 and the OpenSearch Dashboards server. 
For example, if you are running OpenSearch version {{site.opensearch_major_minor_version}}, the `image` fields will resemble the following examples: - - ```yml - opensearch-saml-node1: - image: opensearchproject/opensearch:{{site.opensearch_major_minor_version}} - ``` - ```yml - opensearch-saml-node2: - image: opensearchproject/opensearch:{{site.opensearch_major_minor_version}} - ``` - ```yml - opensearch-saml-dashboards: - image: opensearchproject/opensearch-dashboards:{{site.opensearch_major_minor_version}} - ``` + * `.env`: + * Defines the OpenSearch and OpenSearch Dashboards version to use. The default is the latest version ({{site.opensearch_major_minor_version}}). + * Defines the `OPENSEARCH_INITIAL_ADMIN_PASSWORD` variable required by versions 2.12 and later. + * `./custom-config/opensearch_dashboards.yml`: Includes the SAML settings for the default `opensearch_dashboards.yml` file. + * `./custom-config/config.yml`: Configures SAML for authentication. + * `docker-compose.yml`: Defines an OpenSearch server node, an OpenSearch Dashboards server node, and a SAML server node. + * `./saml/config/authsources.php`: Contains the list of users that can be authenticated by this SAML domain. -1. Access OpenSearch Dashboards at [http://localhost:5601](http://localhost:5601){:target='\_blank'}. Note that OpenSearch Dashboards immediately redirects you to the SAML login page. +1. From the command line, run: + ```zsh + $ docker-compose up. + ``` -1. Log in to OpenSearch Dashboards. The default username is `admin` and the default password is set in your `customize-docker-compose.yml` file in the `OPENSEARCH_INITIAL_ADMIN_PASSWORD=` setting. +1. Access OpenSearch Dashboards at [http://localhost:5601](http://localhost:5601){:target='\_blank'}. -1. After logging in, note that your user in the upper-right is `SAMLAdmin`, as defined in `/var/www/simplesamlphp/config/authsources.php` of the SAML server. +1. Select `Log in with single sign-on`. 
This redirects you to the SAML login page. + +1. Log in to OpenSearch Dashboards with a user defined in `./saml/config/authsources.php` (such as `user1` with password `user1pass`). + +1. After logging in, note that the user ID shown in the upper-right corner of the screen is the same as the `NameID` attribute for the user defined in `./saml/config/authsources.php` of the SAML server (that is, `saml-test` for `user1`). 1. If you want to examine the SAML server, run `docker ps` to find its container ID and then `docker exec -it /bin/bash`. 
diff --git a/assets/examples/saml-example-custom.zip b/assets/examples/saml-example-custom.zip deleted file mode 100644 index acb733ffd51858aec59d3f1a603da3b522cf5232..0000000000000000000000000000000000000000 GIT binary patch
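Review bot: In the `accept.txt` hunk, `[Oo]nboarding` is added after `[Oo]versamples?`, which breaks the alphabetical order the neighbouring entries follow (`[Nn]amespace`, `[Oo]versamples?`, `pebibyte`). Move it to the line before `[Oo]versamples?` so the vocabulary list stays sorted and later additions are easier to place and to diff.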
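Review bot: In the `saml.md` hunk, the new step `$ docker-compose up.` carries the sentence-ending period inside the code fence, so a reader who copies the line runs `up.` instead of the `up` subcommand; drop the period, and consider dropping the `$ ` prompt so the line can be pasted as is. The `cd /demo` step, as written, points at a `demo` directory in the filesystem root rather than inside the folder the branch was downloaded to; make the path relative to that folder. The old tip about keeping the files for production is removed while the new login step names `user1` with password `user1pass`, so it would help to state in that step that the accounts in `./saml/config/authsources.php` and the `OPENSEARCH_INITIAL_ADMIN_PASSWORD` value in `.env` are demo values for this local setup.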