hello, I'm having problems setting up SSO. the ca...
# kolide
r
hello, I'm having problems setting up SSO. the callback is returning a blank page, and when it's using Okta it just redirects back to the login page. anyone here that has set up Okta with Kolide?
z
Are you initiating login from Fleet or Okta?
r
from Okta, then it goes to the login, then I click on Okta SSO
then redirects back to the login
callback response after clicking on the SSO button
z
Is there a user with the corresponding email in Fleet?
r
email yes, diff username
since we can't use email address as username because of the @
so we can log in by using user: testuser email: testuser@email.com but using Okta our usernames are email addresses, so I'm not sure if we are missing something
I can see from the network tab that Okta sends back to callback
`SAMLResponse:`msg
then it redirects back to the login page
it has a base64 enc XML
okta -> callback
there is no error, the XML has mas email address sent back to the callback. so the callback is just going to the login screen instead of logging me in.
z
Is there an error in the Fleet server logs?
r
haven't checked.
let me check
I see the errors, I was able to fix it
z
Can you describe the issue? May help others in the future (or maybe there's something we can update in the docs?)
r
quick question: is there a way to pull current users in from the AD and add them to Kolide?
I was not able to see the SSO checkbox per user. so when I looked at the errors in the logs, I was able to see that it was missing.
maybe the callback should send a msg back also? instead of redirect.
z
There is no AD integration. It's something that's been discussed. I'd be happy to review a PR and/or build it on a consulting basis.
r
I can take a look at it, can you point any place where I should start
?
z
I think there could be a couple approaches. One might be to add a capability to fleetctl to create a new user. Then put together some scripts to export the list of AD users and create the users with fleetctl.
The other would be getting Fleet to actually connect to the AD server and get the list of users.
j
hi @r0m, I’ve done the Okta integration - sorry if I’m jumping in late, but I can help if you haven’t figured it out.
oh, see that you were able to fix it.