Direct SAML to Managed Grafana from Auth0 issue

I am having trouble using Auth0 as SAML to work with Managed Grafana.
I followed this: https://auth0.com/docs/customize/integrations/aws/configure-amazon-web-services-for-sso but that is not directly to AMG. My setup:

Using my AMG workspace, set to use both Identity Center and SAML.

Auth0 settings:

```json
{
  "audience": "i used AMG Service provider identifier (Entity ID)",
  "destination": "I used AMG Service provider reply URL (Assertion consumer service URL)",
  "mappings": {
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
  },
  "createUpnClaim": false,
  "passthroughClaimsWithNoMapping": false,
  "mapUnknownClaimsAsIs": false,
  "mapIdentities": false,
  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ]
}
```

CALLBACK URL = Service provider reply URL (Assertion consumer service URL)

I did import IdP metadata.

Mapping Assertion I use:

Assertion attribute role = email

Admin role values = to the email address of the user I set up in Auth0

If I test from Auth0 using Identity Provider Login URL, error is: {"message":"corresponding relay state is not found: "}

If I test from AMG using Grafana workspace URL, error is: {"message":"Failed to obtain required user information from the assertion, make sure assertion mapping is correct."}

Any help is much appreciated please.

1 Answer

I have recently solved this with the help of AWS.

Follow the instructions below:

  1. Copy Grafana SAML info
  2. Access your Grafana workspace config, authentication, SAML configuration
  3. Copy the values for Service provider identifier (Entity ID) and Service provider reply URL (Assertion consumer service URL)

Configure Auth0 application

  1. In Auth0 dashboard, go into Applications, Applications, Create application
  2. Regular Web Applications
  3. Addons
  4. Saml2 Web App
  5. Settings
  6. Application Callback URL: paste your Service provider reply URL (Assertion consumer service URL)
  7. Settings: see below
  8. Scroll down and select Enable
  9. Close the addon config
  10. Back in application config, click Settings
  11. Scroll down and expand Advanced Settings
  12. Endpoints
  13. Copy SAML Metadata URL

Update Grafana SAML config

  1. Back in Grafana workspace config, authentication, SAML configuration
  2. In Metadata URL, paste the SAML Metadata URL
  3. In Assertion attribute role, insert role
  4. In admin role values, insert admin
  5. Click Save SAML configuration

Add user in Auth0

  1. In Auth0, go to User Management, Users
  2. Create a user, providing a valid email address and a password
  3. After creating, click on the user name to see user details
  4. Scroll down and insert the app_metadata as below

SAML2 Addon settings:

```json
{
  "audience": "Service provider identifier (Entity ID)",
  "mappings": {
    "email": "mail",
    "name": "displayName",
    "role": "role"
  }
}
```

**App_metadata** (change admin to editor or viewer when needed):

```json
{
  "role": "admin"
}
```

answered a year ago
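An added example, not part of the original question or answer: a local check that compares the attribute names carried in a decoded SAML assertion with the name entered under "Assertion attribute role" in the workspace. It assumes the service provider matches on the exact `Attribute Name` string; the helper names and both sample assertions are constructed for illustration, using the attribute names from the two addon configurations on this page.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

def build_assertion(attributes):
    """Constructed sample: a bare, unsigned assertion with the given attributes."""
    body = "".join(
        f'<saml:Attribute Name="{name}"><saml:AttributeValue>{value}'
        f"</saml:AttributeValue></saml:Attribute>"
        for name, value in attributes.items()
    )
    return (f'<saml:Assertion xmlns:saml="{SAML_NS}"><saml:AttributeStatement>'
            f"{body}</saml:AttributeStatement></saml:Assertion>")

# Attribute names produced by the answer's addon mappings (values are constructed).
ANSWER_STYLE = build_assertion(
    {"mail": "user@example.com", "displayName": "Sample User", "role": "admin"})
# Attribute names produced by the question's addon mappings (values are constructed).
QUESTION_STYLE = build_assertion(
    {CLAIMS + "emailaddress": "user@example.com", CLAIMS + "name": "Sample User"})

def assertion_attributes(xml_text):
    """Return {Attribute Name: [values]} from a decoded SAML response or assertion.
    Debugging aid only: it performs no signature or condition validation."""
    found = {}
    for attr in ET.fromstring(xml_text).iter(f"{{{SAML_NS}}}Attribute"):
        values = [(v.text or "").strip()
                  for v in attr.iter(f"{{{SAML_NS}}}AttributeValue")]
        found.setdefault(attr.get("Name"), []).extend(values)
    return found

def check_role_mapping(xml_text, role_attribute, admin_values):
    """Compare the workspace's role mapping with what the assertion carries."""
    attrs = assertion_attributes(xml_text)
    if role_attribute not in attrs:
        # Nothing in the assertion has that name; list what is actually there.
        return "missing", sorted(attrs)
    values = attrs[role_attribute]
    if set(values) & set(admin_values):
        return "admin", values
    return "no-admin-match", values

if __name__ == "__main__":
    print(check_role_mapping(ANSWER_STYLE, "role", ["admin"]))
    print(check_role_mapping(QUESTION_STYLE, "email", ["user@example.com"]))
```
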
