50-saml.md

| title | sidebarTitle | excerpt |
| --- | --- | --- |
| SAML Authentication | SAML | Authenticating to Meli using SAML |

SAML Authentication

Warning: Make sure to set up your private/public keys, or else SAML login will be insecure.

  1. Create a new SAML client in your IdP (for example, Keycloak) and remember the issuer/client name.
  2. Look at your IdP docs to find the corresponding endpoint (for Keycloak, it is https://<my.keycloak.install>/auth/realms/<my.realm>/protocol/saml).
  3. Look at your IdP docs to find your SAML certificate (for Keycloak, you can get it at https://<my.keycloak.install>/auth/realms/<my.realm>/protocol/saml/descriptor).
  4. Generate an RSA private/public keypair to use for signing requests, and configure your IdP with the public key.

For information on how to format the certificate and key, see the upstream passport-saml documentation.
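
Step 4 in shell, as an added example that is not part of the Meli docs: it generates the RSA signing key with owner-only permissions, derives the public key to register with the IdP, and checks the pair before it is deployed. The file names, the 3072-bit key size and the 2048-bit minimum are assumptions.

```shell
#!/bin/sh
# Added example. File names and key sizes are assumptions, not Meli defaults.

# Generate the RSA signing key with owner-only permissions, then derive the
# public key that gets registered with the IdP.
gen_saml_keypair() {  # $1 = output directory
  ( umask 077
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 \
      -out "$1/meli-saml-private.pem" 2>/dev/null ) || return 1
  openssl pkey -in "$1/meli-saml-private.pem" -pubout \
    -out "$1/meli-saml-public.pem"
}

# Succeed only if the private key is consistent, at least 2048 bits, not
# readable by group/others, and matches the public key given to the IdP.
check_saml_keypair() {  # $1 = private key file, $2 = public key file
  openssl rsa -in "$1" -check -noout >/dev/null 2>&1 ||
    { echo "private key failed consistency check" >&2; return 1; }
  bits=$(openssl rsa -in "$1" -noout -text 2>/dev/null |
    sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
  [ "${bits:-0}" -ge 2048 ] ||
    { echo "key is only ${bits:-0} bits" >&2; return 1; }
  [ "$(ls -lL "$1" | cut -c5-10)" = "------" ] ||
    { echo "private key is readable by group or others" >&2; return 1; }
  [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" = \
    "$(openssl pkey -pubin -in "$2" -pubout 2>/dev/null)" ] ||
    { echo "public key does not match private key" >&2; return 1; }
}

# Usage: sh saml-keys.sh <output-directory>
if [ "$#" -eq 1 ]; then
  gen_saml_keypair "$1" && check_saml_keypair "$1/meli-saml-private.pem" \
    "$1/meli-saml-public.pem" && echo "key pair OK in $1"
fi
```

Re-run `check_saml_keypair` against the deployed files after any key rotation, so a stale public key at the IdP is caught before logins start failing.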

Now, you can update your docker-compose.yml:

```yaml
services:
  # ...
  server:
    # ...
    environment:
      # ...
      MELI_SAML_ENDPOINT: <the-full-url-to-your-saml-endpoint>
      MELI_SAML_ISSUER: <the-issuer-or-client-to-authenticate-as>
      MELI_SAML_IDP_CRT: <the-public-cert-of-your-IdP>
      MELI_SAML_PRIVATE_CRT: <an-RSA-private-key>
```