#kolide
R0n

02/14/2020, 4:38 PM
hello, I'm having problems setting up SSO. The callback is returning a blank page, and when it's using Okta it just redirects back to the login page. Anyone here that has set up Okta with Kolide?
zwass

02/14/2020, 4:38 PM
Are you initiating login from Fleet or Okta?
R0n

02/14/2020, 4:39 PM
from Okta, then it goes to the login, then I click on Okta SSO
4:39 PM
then redirects back to the login
4:40 PM
callback response after clicking on the SSO button
zwass

02/14/2020, 4:44 PM
Is there a user with the corresponding email in Fleet?
R0n

02/14/2020, 4:47 PM
email yes, different username
4:47 PM
since we can't use an email address as username because of the @
4:51 PM
so we can log in by using user: testuser, email: testuser@email.com, but using Okta our usernames are email addresses, so I'm not sure if we are missing something
4:54 PM
I can see from the network tab that Okta sends back to the callback
4:55 PM
SAMLResponse:msg
4:55 PM
then it redirects back to the login page
5:00 PM
it has base64-encoded XML
5:00 PM
okta -> callback
5:03 PM
there is no error, the XML has my email address sent back to the callback. So the callback is just going to the login screen instead of logging me in.
zwass

02/14/2020, 5:04 PM
Is there an error in the Fleet server logs?
R0n

02/14/2020, 5:04 PM
haven't checked.
5:05 PM
let me check
5:23 PM
I see the errors, I was able to fix it
zwass

02/14/2020, 5:24 PM
Can you describe the issue? May help others in the future (or maybe there's something we can update in the docs?)
R0n

02/14/2020, 5:24 PM
quick question: is there a way to pull current users in from the AD and add them to Kolide?
5:25 PM
I was not able to see the SSO checkbox per user. So when I looked at the errors in the logs, I was able to see that it was missing.
5:25 PM
maybe the callback should send a message back also, instead of a redirect?
zwass

02/14/2020, 5:25 PM
There is no AD integration. It's something that's been discussed. I'd be happy to review a PR and/or build it on a consulting basis.
R0n

02/14/2020, 5:27 PM
I can take a look at it, can you point to any place where I should start?
zwass

02/14/2020, 5:30 PM
I think there could be a couple of approaches. One might be to add a capability to fleetctl to create a new user. Then put together some scripts to export the list of AD users and create the users with fleetctl.
5:31 PM
The other would be getting Fleet to actually connect to the AD server and get the list of users.
Jason W

02/14/2020, 7:37 PM
hi @r0m, I've done the Okta integration. Sorry if I'm jumping in late, but I can help if you haven't figured it out.
7:38 PM
oh, see that you were able to fix it.