Configure SSO Authentication with SAML

Set up SAML in Customer Environment

  1. Set up your SAML integration by following the steps in the BoxyHQ documentation.

    Choose your IdP.

  2. Use these values in the Service provider details section:

    • ACS URL

      https://<your kloudfuse domain name>/api/oauth/saml
    • Entity ID

      https://<your kloudfuse domain name>/samlresponse
  3. Generate and save the Metadata (XML file).

    This is necessary to configure the Kloudfuse connection with your SAML provider.

  4. Share the metadata with Kloudfuse support.

Set up SAML in Kloudfuse

To set up SAML in Kloudfuse, you must first create the metadata secret and then configure the environment, as described in the two sections below.

Set up Metadata Secret

  1. Rename the Metadata XML file that the customer shares to kfuse.xml.

    Alternatively, if the customer shared a URL, run the following command:

    curl {metadata xml file url} > kfuse.xml
  2. Save the kfuse.xml file on the machine from which you run kubectl against the customer’s cluster.

  3. Create the generic kfuse-xml secret in the customer’s cluster and namespace by running the following command:

    kubectl create secret generic kfuse-xml --from-file=kfuse.xml

    If the secret kfuse-xml already exists, or if you are re-creating it, see Troubleshooting.
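The following script is an added example, not part of the Kloudfuse documentation or tooling. It shows two checks a practitioner would want around the steps above: a sanity check that the file about to become the kfuse-xml secret is usable IdP metadata (a curl of a wrong URL often leaves an HTML error page behind rather than XML, and SP metadata is easily confused with IdP metadata), and an idempotent way to create the secret so that re-running the procedure does not fail with "already exists". The sample metadata written by sample_metadata is constructed for illustration; the certificate value in it is a placeholder, and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not Kloudfuse's own tooling): validate IdP SAML metadata
# before turning it into the kfuse-xml secret, and build the secret idempotently.

# fetch_metadata URL OUT: download metadata; -f makes curl fail on HTTP errors
# instead of silently saving an error page as kfuse.xml.
fetch_metadata() {
    curl -fsSL "$1" -o "$2"
}

# validate_idp_metadata FILE -> returns 0 if FILE looks like usable IdP metadata
validate_idp_metadata() {
    f="$1"
    if [ ! -s "$f" ]; then
        echo "metadata file '$f' is missing or empty" >&2
        return 1
    fi
    # Any SAML metadata document is rooted in an EntityDescriptor.
    if ! grep -q 'EntityDescriptor' "$f"; then
        echo "'$f' does not contain an EntityDescriptor element" >&2
        return 1
    fi
    # Kloudfuse is the SP, so it needs the IdP's metadata (IDPSSODescriptor),
    # not SP metadata (SPSSODescriptor).
    if ! grep -q 'IDPSSODescriptor' "$f"; then
        echo "'$f' is not IdP metadata (no IDPSSODescriptor)" >&2
        return 1
    fi
    # Without an SSO endpoint and a signing certificate the SP cannot
    # redirect users or verify the IdP's signed responses.
    for elem in SingleSignOnService X509Certificate; do
        if ! grep -q "$elem" "$f"; then
            echo "'$f' has no $elem element" >&2
            return 1
        fi
    done
    return 0
}

# idp_entity_id FILE -> prints the entityID attribute of the EntityDescriptor
idp_entity_id() {
    sed -n 's/.*EntityDescriptor[^>]*entityID="\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# secret_cmd FILE -> prints the kubectl pipeline that creates or updates the
# kfuse-xml secret; "create --dry-run=client -o yaml | apply" works whether or
# not the secret already exists, and the key inside the secret stays kfuse.xml.
secret_cmd() {
    echo "kubectl create secret generic kfuse-xml --from-file=kfuse.xml=$1 --dry-run=client -o yaml | kubectl apply -f -"
}

# sample_metadata OUT: write a minimal, constructed IdP metadata document
# (placeholder certificate) so the checks above can be exercised offline.
sample_metadata() {
    cat > "$1" <<'EOF'
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>MIIC-constructed-placeholder</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.test/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
EOF
}

# Usage: sh check_metadata.sh --demo   (runs the checks on the sample file)
#        sh check_metadata.sh kfuse.xml (checks a real file, prints the command)
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp)
    sample_metadata "$tmp"
    validate_idp_metadata "$tmp" && echo "IdP entityID: $(idp_entity_id "$tmp")"
    secret_cmd "$tmp"
    rm -f "$tmp"
elif [ -n "${1:-}" ]; then
    validate_idp_metadata "$1" && secret_cmd "$1"
fi
```

The validation is deliberately grep-based so it runs anywhere kubectl does; it catches the common failure modes (empty file, HTML error page, SP instead of IdP metadata) without needing an XML toolchain. Run the printed kubectl pipeline against the customer's cluster and namespace, as in step 3 above.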

Set up the Environment

In the custom-values.yaml file, complete these steps:

  1. In the global section:

    1. Set dnsName to the customer’s domain name.

    2. Enable the kfuse-saml service (enabled: true).

  2. In the kfuse-auth section:

    1. Set the saml-provider-name to the customer’s SAML provider name.

    2. Set existingSecret to kfuse-auth-saml.

  3. Perform a general upgrade using the custom-values.yaml.

    Example configuration for SAML with Okta:

    global:
      dnsName: <your kloudfuse domain name>
      kfuse-saml:
        enabled: true

    kfuse-auth:
      oauth2-proxy:
        config:
          saml-provider-name: "Okta"
          existingSecret: "kfuse-auth-saml"
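Before running the upgrade in step 3, it is worth checking that the four SAML-related values are actually set, in particular that the `<your kloudfuse domain name>` placeholder from the example has been replaced. The script below is an added example, not part of the Kloudfuse documentation; it is a line-based awk check that assumes the flat `key: value` layout shown in the example configuration above, and the function name lint_custom_values is this example's own.

```shell
#!/bin/sh
# Added example (not Kloudfuse's own tooling): pre-upgrade lint of the SAML
# keys in custom-values.yaml. Line-based (awk/sed), no YAML parser, so it
# assumes the "key: value" layout of the example configuration.

# value_of FILE KEY -> prints the value of the first "KEY: value" line,
# with surrounding double quotes and trailing whitespace removed.
value_of() {
    awk -F': *' -v key="$2" '$1 ~ ("^ *" key "$") { print $2; exit }' "$1" \
        | sed 's/[[:space:]]*$//; s/^"//; s/"$//'
}

# saml_enabled FILE -> prints the "enabled:" value that follows "kfuse-saml:"
saml_enabled() {
    awk -F': *' '/^ *kfuse-saml:/ { insaml = 1; next }
                 insaml && /^ *enabled:/ { print $2; exit }' "$1"
}

# lint_custom_values FILE -> prints each problem found; returns 1 if any
lint_custom_values() {
    file="$1"
    problems=0

    dns=$(value_of "$file" dnsName)
    if [ -z "$dns" ]; then
        echo "global.dnsName is missing"; problems=$((problems + 1))
    else
        # The documentation placeholder contains angle brackets; a real
        # hostname never does.
        case "$dns" in
            *"<"*|*">"*) echo "global.dnsName still contains the placeholder: $dns"
                         problems=$((problems + 1)) ;;
        esac
    fi

    if [ "$(saml_enabled "$file")" != "true" ]; then
        echo "global.kfuse-saml.enabled is not true"; problems=$((problems + 1))
    fi

    if [ -z "$(value_of "$file" saml-provider-name)" ]; then
        echo "saml-provider-name is missing or empty"; problems=$((problems + 1))
    fi

    # The documented value for existingSecret is kfuse-auth-saml.
    if [ "$(value_of "$file" existingSecret)" != "kfuse-auth-saml" ]; then
        echo "existingSecret is not kfuse-auth-saml"; problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ]
}

# Usage: sh lint_values.sh custom-values.yaml   (exit status 0 when clean)
if [ -n "${1:-}" ]; then
    lint_custom_values "$1" && echo "custom-values.yaml: SAML settings look complete"
fi
```

A non-zero exit from lint_custom_values is a reason to stop before the upgrade; every reported problem maps back to one of the steps in this section.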

Troubleshooting

  1. Open an interactive shell into the kfuse-configdb-0 pod:

    kubectl exec -it kfuse-configdb-0 -- bash
  2. Log in to PostgreSQL with psql.

    Enter your password when prompted.

  3. Check whether the samldb database exists:

    \l
  4. Delete and recreate the database samldb:

    DROP DATABASE samldb;
    CREATE DATABASE samldb;