https://github.com/osquery/osquery logo
Title
k

Kenny Stevens

03/07/2019, 3:58 PM
2) I’m attempting to setup SSO for Kolide using Google, but every time I try logging in via SSO, I’m routed back to the login page for Kolide. I’m not exactly sure what’s going on with that, but I don’t see any logging event in both applications.
c

crimsonknave

03/07/2019, 4:22 PM
I had some issues setting up SAML that sounds like what you're seeing. I believe that I had something misconfigured. Also it's worth noting that Fleet doesn't provision users from SSO, you have to create them and check the box that says that they are SSO enabled.
k

Kenny Stevens

03/07/2019, 4:24 PM
Yeah, I had my user selected as SSO and attempted a login from an incognito window. Did you setup SAML with Google or with another provider?
c

crimsonknave

03/07/2019, 4:40 PM
Okta
k

Kenny Stevens

03/07/2019, 4:43 PM
Ah. Okay. I’ll keep trying to get this.
z

zwass

03/07/2019, 8:23 PM
@Kenny Stevens I was just able to set up SSO with Google... Try opening your network inspector and looking at the SAML response that google provides in the POST to your login endpoint. The response is encoded but you can find tools online to decode it like https://www.samltool.com/decode.php. You may find some error message in there.
k

Kenny Stevens

03/07/2019, 8:26 PM
@zwass Ohh. Okay. I’ll take a look at this. Thank you!
z

zwass

03/07/2019, 8:27 PM
In my case the problem was that I had the callback URL specified incorrectly
a

andybot

07/04/2019, 4:10 PM
hi! did you figure out the SSO issue? I’m also directed to the
/login
page — however, I didn’t set up SMTP // assumed setting up auth via SSO would automatically bootstrap users that auth into fleet. Do I still have to manage users and specify SSO-only for them?
z

zwass

07/06/2019, 7:18 PM
Yes