

Local SimpleSAML 2.0


Introduction


Once SAML Single Sign-On has been installed following the official documentation, use these steps to configure local authentication.

Important: this local authentication is for testing purposes only. It is never recommended for use in production environments, and it is recommended to revert the step 1 and step 2 changes before moving to production.

Open the following configuration file with your favorite text editor:

/opt/simplesamlphp/config/config.php

Find the module.enable block, then the exampleauth entry, whose default value is false, and change it to true.

Save and exit.

With your favorite text editor, open the file:

/opt/simplesamlphp/config/authsources.php

A block must be created for the new authentication source. The easiest way is to create it just before default-sp, with a block similar to the following:

/opt/simplesamlphp/config/authsources.php
    // Example local authentication source  
    'example-pandora' => [
        'exampleauth:UserPass',
        'user:password' => [
            'uid' => ['user'],
            'mail' => ['user@example.com'],
            'givenName' => ['User One'],
            'Group' => ['All'],
            'Role' => ['admins'],
        ],
        'user2:password2' => [
            'uid' => ['user2'],
            'mail' => ['user2@example.com'],
            'givenName' => ['User Two'],
            'Group' => ['network'],
            'Role' => ['operators'],
        ],
    ],

The result should be similar to:

The auth source named example-pandora contains 2 users:

  • user with the password password and user2 with the password password2.
  • Each user has a number of attributes such as uid, mail, givenName, Group and Role.
  • These attributes are defined in the array so you can change or add more attributes in order to perform further authentication tests.

The test page is accessed through the URL https://pandora.local/simplesamlphp/admin/ (replace pandora.local with the address of your PFMS Web Console).

It must be accessed over HTTPS, as authentication will fail over HTTP.

Enter the credentials for the admin user previously configured in SAML.

Click on the Test tab, which will display the new authentication source (example-pandora):

Click on example-pandora and it will ask for a username and password. Use one of the pairs defined in step 2 (shown here for user):

Look at the Your attributes section and compare it with the attributes defined for that user. This confirms that authentication through SAML works correctly and that it can now be configured in Pandora FMS.

Important: this local authentication is for testing purposes only. It is never recommended for use in production environments, and it is recommended to revert the step 1 and step 2 changes before moving to production.
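
One way to confirm, before moving to production, that the step 1 and step 2 changes have been reverted. This is an added example, not part of the Pandora FMS or SimpleSAMLphp documentation. It is a heuristic text scan that does not execute PHP, the sample file contents are constructed, and the function names are hypothetical.

```python
import re

def strip_php_comments(src: str) -> str:
    """Drop //, # and /* */ comments but leave quoted strings (e.g. URLs) intact."""
    out, i, n = [], 0, len(src)
    while i < n:
        ch = src[i]
        if ch in "'\"":                                # quoted string: copy verbatim
            j = i + 1
            while j < n and src[j] != ch:
                j += 2 if src[j] == "\\" else 1
            out.append(src[i:j + 1])
            i = j + 1
        elif src.startswith("/*", i):                  # block comment
            end = src.find("*/", i + 2)
            i = n if end < 0 else end + 2
        elif src.startswith("//", i) or ch == "#":     # line comment
            end = src.find("\n", i)
            i = n if end < 0 else end
        else:
            out.append(ch)
            i += 1
    return "".join(out)

def find_test_auth(config_php: str, authsources_php: str) -> list[str]:
    """Text scan (heuristic, does not execute PHP) for the step 1 and step 2 changes."""
    findings = []
    if re.search(r"""['"]exampleauth['"]\s*=>\s*true\b""",
                 strip_php_comments(config_php), re.I):
        findings.append("config.php: module exampleauth is enabled")
    for name, kind in re.findall(
            r"""['"]([^'"]+)['"]\s*=>\s*\[\s*['"](exampleauth:\w+)['"]""",
            strip_php_comments(authsources_php)):
        findings.append(f"authsources.php: source '{name}' uses {kind}")
    return findings

# Constructed samples mirroring the two edits described on this page.
SAMPLE_CONFIG = """$config = [
    'baseurlpath' => 'https://pandora.local/simplesamlphp/',
    'module.enable' => ['exampleauth' => true, /* step 1 */ 'core' => true],
];"""
SAMPLE_AUTHSOURCES = """$config = [
    // 'old-test' => ['exampleauth:UserPass'],
    'example-pandora' => ['exampleauth:UserPass', 'user:password' => ['uid' => ['user']]],
    'default-sp' => ['saml:SP'],
];"""

if __name__ == "__main__":
    for finding in find_test_auth(SAMPLE_CONFIG, SAMPLE_AUTHSOURCES):
        print("REVERT BEFORE PRODUCTION:", finding)
```

To check a real installation, pass the contents of /opt/simplesamlphp/config/config.php and /opt/simplesamlphp/config/authsources.php to find_test_auth. An empty list means neither change was found.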

  • Last modified: 2025/01/16 06:35
  • by junichi