Description of problem:
We need to document SSO feature support, i.e. (Single sign on) ENABLING steps from Dashboard cli commands.

Version-Release number of selected component (if applicable):
Ceph 4.1

How reproducible:
Refer the upstream docs for enablement
https://docs.ceph.com/docs/master/mgr/dashboard/?highlight=sso#enabling-single-sign-on-sso

Steps to Reproduce:
1. Deploy 4.0 ceph-cluster on rhel 7.7/rhel 8.1 using ceph-ansible.
2. Launch the dashboard installed.
3. Enable SSO from dashboard cli commands.
4. Refer upstream doc for commands
   https://docs.ceph.com/docs/master/mgr/dashboard/?highlight=sso#enabling-single-sign-on-sso

All the below steps need to be added in the dashboard guide:

To configure SSO on Ceph Dashboard, you should use the following command:

$ ceph dashboard sso setup saml2 <ceph_dashboard_base_url> <idp_metadata> {<idp_username_attribute>} {<idp_entity_id>} {<sp_x_509_cert>} {<sp_private_key>}

Parameters:

<ceph_dashboard_base_url>: Base URL where Ceph Dashboard is accessible (e.g., https://cephdashboard.local)
<idp_metadata>: URL to remote (http://, https://) or local (file://) path or content of the IdP metadata XML (e.g., https://myidp/metadata, file:///home/myuser/metadata.xml).
<idp_username_attribute> (optional): Attribute that should be used to get the username from the authentication response. Defaults to uid.
<idp_entity_id> (optional): Use this when more than one entity id exists on the IdP metadata.
<sp_x_509_cert> / <sp_private_key> (optional): File path of the certificate that should be used by Ceph Dashboard (Service Provider) for signing and encryption.

Note: The issuer value of SAML requests will follow this pattern: <ceph_dashboard_base_url>/auth/saml2/metadata

To display the current SAML 2.0 configuration, use the following command:

$ ceph dashboard sso show saml2

Note: For more information about onelogin_settings, please check the onelogin documentation.

To disable SSO:

$ ceph dashboard sso disable

To check if SSO is enabled:

$ ceph dashboard sso status

To enable SSO:

$ ceph dashboard sso enable saml2

Actual results:

Expected results:

Additional info:
Once the above steps are performed, enter the dashboard URL, e.g. http://magna005.ceph.redhat.com:8443; we should be navigated to the SSO page and prompted for credentials for login. After successful login, SSO redirects to dashboard UI.
Small change to the step 1: Cluster needs to be deployed with 4.1 ceph.
NOTE: Downstream users need to install the below pkgs via yum install and then enable SSO from ceph dashboard cli.

Rhel 7.7 -
Package: python-defusedxml-0.5.0-1.el7ost
Package: python-isodate-0.5.4-8.el7
Package: python-saml-1.8.0-2.el7
Package: python-xmlsec-1.3.3-9.el7cp

Rhel 8.1 -
python3-defusedxml-0.5.0-2.el8ost.noarch.rpm
python3-isodate-0.5.4-10.el8ost.noarch.rpm
python3-saml-1.8.0-3.el8cp.noarch.rpm
python3-xmlsec-1.3.3-9.el8.x86_64.rpm
*** Bug 1709334 has been marked as a duplicate of this bug. ***
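
A pre-flight check for the sso setup saml2 parameters listed in the description, added here as an example; it is not part of the bug report or of Ceph's own code. It reads IdP metadata, reports when <idp_entity_id> has to be supplied because more than one entity id exists, and builds the argument list. The helper names and the sample metadata are constructed for illustration, and the metadata is assumed to be a trusted copy the administrator already holds.

```python
import shlex
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
PROTO = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample metadata with two IdP entities (not from a real IdP).
SAMPLE_METADATA = f"""<EntitiesDescriptor xmlns="{MD}">
  <EntityDescriptor entityID="https://idp-a.example/saml">
    <IDPSSODescriptor protocolSupportEnumeration="{PROTO}"/>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://idp-b.example/saml">
    <IDPSSODescriptor protocolSupportEnumeration="{PROTO}"/>
  </EntityDescriptor>
</EntitiesDescriptor>"""


def idp_entity_ids(metadata_xml):
    """entityID of every EntityDescriptor that carries an IDPSSODescriptor."""
    # Trusted, admin-supplied XML assumed; stdlib parser used to stay offline.
    root = ET.fromstring(metadata_xml)
    return [e.get("entityID") for e in root.iter(f"{{{MD}}}EntityDescriptor")
            if e.find(f"{{{MD}}}IDPSSODescriptor") is not None]


def issuer(base_url):
    """Issuer of SAML requests, per the pattern given in the description."""
    return f"{base_url}/auth/saml2/metadata"


def setup_command(base_url, metadata_ref, metadata_xml,
                  username_attr="uid", entity_id=None):
    """Hypothetical helper: build the setup argv or raise ValueError."""
    ids = idp_entity_ids(metadata_xml)
    if not ids:
        raise ValueError("metadata contains no IdP entity")
    if entity_id is None and len(ids) > 1:
        raise ValueError(f"{len(ids)} IdP entities, pass <idp_entity_id>: {ids}")
    if entity_id is not None and entity_id not in ids:
        raise ValueError(f"{entity_id!r} not in metadata: {ids}")
    cmd = ["ceph", "dashboard", "sso", "setup", "saml2",
           base_url, metadata_ref, username_attr]
    # Parameters are positional, so the username attribute must precede the id.
    return cmd + ([entity_id] if entity_id else [])


if __name__ == "__main__":
    cmd = setup_command("https://cephdashboard.local", "file:///home/myuser/metadata.xml",
                        SAMPLE_METADATA, entity_id="https://idp-b.example/saml")
    print(shlex.join(cmd))
    print("issuer of SAML requests:", issuer("https://cephdashboard.local"))
```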