docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed XML and note formatting

This commit is contained in:
Maria Bermudez 2019-03-11 18:16:58 -07:00 committed by GitHub
parent fa17709ec3
commit 2dc281f029
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 38 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
ee/ucp/admin/configure/integrate-saml.md
View File

@ -15,7 +15,7 @@ keywords: cluster, node, join
Service Provider metadata is available at `https://<SP Host>/enzi/v0/saml/metadata` Service Provider metadata is available at `https://<SP Host>/enzi/v0/saml/metadata`
after SAML is enabled. The metadata link is also labeled as `entityID`. after SAML is enabled. The metadata link is also labeled as `entityID`.
**Note**: Only `POST` binding is supported for the 'Assertion Consumer Service', which is located > **Note**: Only `POST` binding is supported for the 'Assertion Consumer Service', which is located
at `https://<SP Host>/enzi/v0/saml/acs`. at `https://<SP Host>/enzi/v0/saml/acs`.
### Enable SAML and configure UCP ### Enable SAML and configure UCP
@ -25,41 +25,53 @@ is expected:
1. `Subject` includes a `NameID` that is identified as the UCP username. 1. `Subject` includes a `NameID` that is identified as the UCP username.
In `AuthnRequest`, `NameIDFormat` is set to `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified`. In `AuthnRequest`, `NameIDFormat` is set to `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified`.
This allows maximum compatibility for various Identity Providers. This allows maximum compatibility for various Identity Providers.
```xml ```xml
<saml2:Subject> <saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">ry4nz</saml2:NameID> <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">ry4nz</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml2:SubjectConfirmationData NotOnOrAfter="2018-09-10T20:04:48.001Z" Recipient="https://18.237.224.122/enzi/v0/saml/acs"/> <saml2:SubjectConfirmationData NotOnOrAfter="2018-09-10T20:04:48.001Z" Recipient="https://18.237.224.122/enzi/v0/saml/acs"/>
</saml2:SubjectConfirmation> </saml2:SubjectConfirmation>
</saml2:Subject> </saml2:Subject>
``` ```
2. Optional `Attribute` named `fullname` is mapped to the 'Full name' field 2. Optional `Attribute` named `fullname` is mapped to the 'Full name' field
in the UCP account. in the UCP account.
Note: UCP uses the value of the first occurrence of an `Attribute` with `Name="fullname"` as the 'Full name'. > **Note**: UCP uses the value of the first occurrence of an `Attribute` with `Name="fullname"` as the 'Full name'.
```xml ```xml
<saml2:Attribute Name="fullname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <saml2:Attribute Name="fullname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">user.displayName <saml2:AttributeValue
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">user.displayName
</saml2:AttributeValue> </saml2:AttributeValue>
</saml2:Attribute> </saml2:Attribute>
``` ```
3. Optional `Attribute` named `member-of` is linked to the UCP team. 3. Optional `Attribute` named `member-of` is linked to the UCP team.
Values are set in the UCP team UI. Values are set in the UCP team UI.
Note: UCP uses all `AttributeStatements` and `Attributes` in the `Assertion` with `Name="member-of"`. > **Note**: UCP uses all `AttributeStatements` and `Attributes` in the `Assertion` with `Name="member-of"`.
```xml ```xml
<saml2:Attribute Name="member-of" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <saml2:Attribute Name="member-of" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">groupName <saml2:AttributeValue
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">groupName
</saml2:AttributeValue> </saml2:AttributeValue>
</saml2:Attribute> </saml2:Attribute>
``` ```
4. Optional `Attribute` named `is-admin` determines if the user is an administrator. The content in the `AttributeValue` is ignored. 4. Optional `Attribute` named `is-admin` determines if the user is an administrator. The content in the `AttributeValue` is ignored.
```xml ```xml
<saml2:Attribute Name="is-admin" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <saml2:Attribute Name="is-admin" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">value_does_not_matter <saml2:AttributeValue
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">value_doe_not_matter
</saml2:AttributeValue> </saml2:AttributeValue>
</saml2:Attribute> </saml2:Attribute>
``` ```
#### Okta Configuration #### Okta Configuration
Configuring with Okta is straightforward, as shown in the following examples: Configuring with Okta is straightforward, as shown in the following examples:
![Configure in Okta](../../images/saml_okta_2.png) ![Configure in Okta](../../images/saml_okta_2.png)