
Any chance to see guide for GLUU SAML config?

Open philzyk opened this issue 5 years ago • 12 comments

Tried to set up SAML auth over GLUU, but failed. Any help will be appreciated.

philzyk avatar Jun 02 '20 20:06 philzyk

Hi @philzyk. Thanks for letting us know about this. Would you be open to providing the steps you followed to set SAML auth up? If you can provide any error messages or logs, and details about your environment, that would also be great. Thank you! :)

justinegeffen avatar Jun 03 '20 08:06 justinegeffen

To follow up on my previous comment, I also recommend posting this on the Mattermost Forum for additional assistance.

justinegeffen avatar Jun 03 '20 18:06 justinegeffen

Hi @philzyk. I wanted to follow up on your question and find out whether you've been able to find a resolution. :)

justinegeffen avatar Jun 14 '20 07:06 justinegeffen

No, my boss decided to use E10 without SAML (SAML is available with the E20 licence) and use LDAP from GLUU. To make it all run, I did a port mapping localhost:1636-->gluu{ip}:389, then I connected Mattermost over LDAP. Some settings are a bit tricky, so if you are interested in such a workaround, I can share my experience. My next try will be over OpenAuth2.0+UMA in GLUU. Now studying guides.

philzyk avatar Jun 23 '20 21:06 philzyk

Hi @philzyk, thanks for your reply.

If you'd be open to sharing your workaround that would be really helpful. You're welcome to share it here, or you could also create a blog post detailing your steps. @jasonblais and I will be happy to work with what you provide and find the best way to share it with the community.

Looking forward to your contribution and please let us know if we can help with anything else.

justinegeffen avatar Jun 24 '20 06:06 justinegeffen

Hello! My workaround:

  1. iptables -t nat -I PREROUTING -p tcp -d 1[Gluu ip]/32 --dport 389 -j DNAT --to-destination 127.0.0.1:1636
     And don't forget to open port 389 to your LAN/IP of the Mattermost host.
  2. sysctl -w net.ipv4.conf.[your interface name eth0 or ens192].route_localnet=1
  3. In Mattermost:
     - Connection Security: TLS
     - Skip Certificate Verification: true
     - BaseDN: o=gluu
     - Bind Username: cn=Directory Manager
     - User Filter: (objectClass=gluuPerson)
     - Group Filter: (objectClass=gluuGroup)
     - Group Display Name Attribute: displayName
     - Group ID Attribute: inum
     - First Name Attribute: givenName
     - Last Name Attribute: sn
     - Nickname Attribute: uid
     - Email Attribute: mail
     - Username Attribute: uid
     - ID Attribute: inum
     - Login ID Attribute: uid

Hope that this will help somebody :-)

philzyk avatar Jun 24 '20 10:06 philzyk
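
An added example, not part of the original comment and not Mattermost or Gluu code: a small Python check that flags the security-relevant choices in the workaround above (TLS with certificate verification skipped, binding as the directory administrator, and a DNAT rule into loopback, which only works with route_localnet=1). The key names follow the LdapSettings section of Mattermost's config.json; the sample values, the finding codes and the address 192.0.2.10 (standing in for the Gluu host IP) are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample mirroring the settings posted in the workaround above.
SAMPLE_LDAP = {
    "ConnectionSecurity": "TLS",
    "SkipCertificateVerification": True,
    "BaseDN": "o=gluu",
    "BindUsername": "cn=Directory Manager",
    "UserFilter": "(objectClass=gluuPerson)",
}

# Constructed iptables-save output; 192.0.2.10 is a documentation address
# used here in place of the real Gluu host IP.
SAMPLE_NAT = """*nat
-A PREROUTING -d 192.0.2.10/32 -p tcp -m tcp --dport 389 -j DNAT --to-destination 127.0.0.1:1636
COMMIT
"""

def audit_ldap(settings):
    """Return finding codes (names made up for this example) for risky LDAP settings."""
    findings = []
    security = settings.get("ConnectionSecurity", "")
    if security not in ("TLS", "STARTTLS"):
        findings.append("plaintext-ldap")          # bind password sent unencrypted
    elif settings.get("SkipCertificateVerification"):
        findings.append("tls-cert-not-verified")   # encrypted, but server identity unchecked
    bind = settings.get("BindUsername", "").replace(" ", "").lower()
    if bind == "cn=directorymanager":
        findings.append("bind-as-directory-admin")  # a read-only account is enough for lookups
    return findings

def loopback_dnat_rules(iptables_save_text):
    """Return (dport, target) for DNAT rules that redirect into 127.0.0.0/8."""
    hits = []
    for line in iptables_save_text.splitlines():
        m = re.search(r"--to-destination (\d+\.\d+\.\d+\.\d+)(?::(\d+))?", line)
        if "-j DNAT" not in line or not m:
            continue
        if ipaddress.ip_address(m.group(1)).is_loopback:
            dport = re.search(r"--dport (\d+)", line)
            hits.append((dport.group(1) if dport else None, m.group(0).split()[1]))
    return hits

if __name__ == "__main__":
    print(audit_ldap(SAMPLE_LDAP))
    print(loopback_dnat_rules(SAMPLE_NAT))
```
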

@svelle, adding you for visibility/forum post.

justinegeffen avatar Sep 16 '20 11:09 justinegeffen

Thanks! Good effort, we are looking at the same. @philzyk, any progress on OpenAuth2.0+UMA in GLUU? Can you post your findings/references? Cheers!

mihai-satmarean avatar Nov 21 '20 12:11 mihai-satmarean

Hello! My experiments failed, but I found a nice article: https://qiita.com/wadahiro/items/8b118c34aae904353865. The guy used Keycloak, not GLUU, but probably his idea will work.

philzyk avatar Dec 12 '20 14:12 philzyk

@svelle - Is SAML auth over GLUU officially supported? If yes, are you open to creating a Support KB article with these details?

cwarnermm avatar Jan 18 '22 14:01 cwarnermm

@cwarnermm no, it's not officially supported as of now. This will need to be posted elsewhere for the time being.

svelle avatar Jan 18 '22 14:01 svelle

Thanks, @svelle - Given that this isn't officially supported, the best place for this content is on the User Forum.

@philzyk - If you haven't done so already, would you be open to posting your findings on the Mattermost Community User Forum?

cwarnermm avatar Jan 18 '22 14:01 cwarnermm