Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
r
R0n
02/14/2020, 4:38 PMhello,
Im having problems setting UP SSO.
the callback is retuning a blank page, and when its using OKTA it just redirect back to the login page.
anyone here that has setup okta with Kolide
z
zwass
02/14/2020, 4:38 PMAre you initiating login from Fleet or Okta?
r
R0n
02/14/2020, 4:39 PMfrom Okta, then it goes to the login, then i click on OKTA SSO
then redirects back to the login
callback response after clicking on the SSO button
z
zwass
02/14/2020, 4:44 PMIs there a user with the corresponding email in Fleet?
r
R0n
02/14/2020, 4:47 PMemail yes , diff username
since we cant use email address as username because of the @
so we can login by using
user : testuser
email : testuser@email.com
but using okta our usernames are email addresses, so im not sure if we are missing something
i can see from the network tab that okta sends back to callback
`SAMLResponse:`msg
then it redirects back to the login page
it has a based64 enc XML
okta -> callback
there is no error, the xml has mas email address send back to the callback. so the callback is just going to the login screen stead of logging me in.
z
zwass
02/14/2020, 5:04 PMIs there an error in the Fleet server logs?
r
R0n
02/14/2020, 5:04 PMhavent checked.
let me check
i see the errors, i was able to fix it
z
zwass
02/14/2020, 5:24 PMCan you describe the issue? May help others in the future (or maybe there's something we can update in the docs?)
r
R0n
02/14/2020, 5:24 PMquick question is there a way to pull current users in from the AD and add them to kolide?
I was not able to see the SSO checkbox per user. so when i looked at therrors in the logs. i was able to see that it was missing.
maybe the call back should send a msg back also? instead of redirect.
z
zwass
02/14/2020, 5:25 PMThere is no AD integration. It's something that's been discussed. I'd be happy to review a PR and/or build it on a consulting basis.
r
R0n
02/14/2020, 5:27 PMi can take a look at it, acan you point any place where i should start
?
z
zwass
02/14/2020, 5:30 PMI think there could be a couple approaches. One might be add a capability to fleetctl to create a new user. Then put together some scripts to export the list of AD users and create the users with fleetctl.
The other would be getting Fleet to actually connect to the AD server and get the list of users.
👍 1
j
Jason W
02/14/2020, 7:37 PMhi @r0m, I’ve done the Okta integration - sorry if I’m jumping in late, but I can help if you haven’t figured it out.
oh, see that you were able to fix it.