Add Microsoft AD SAML configuration

revital
2025-02-13 15:06:27 +02:00
parent 4e56c956ed
commit f768fe4ef9
2 changed files with 65 additions and 0 deletions


@@ -0,0 +1,60 @@
---
title: Microsoft AD SAML
---
This document describes the configuration required for connecting a ClearML Kubernetes server to allow authenticating
users with Microsoft AD using SAML.
Configuration requires two steps:
* Configuration of the application in the active directory
* Configuration in the ClearML server side
## Active Directory Configuration
1. Register the ClearML app with the callback url: `<clearml_webapp_address>/callback_microsoft_ad`
1. Make sure that SSO binding is set to HTTP-Redirect
1. Make sure that the following user claims are returned to the ClearML app:
```
emailaddress - user.mail
displayname - user.displayname
Unique user identifier - user.principalname
```
1. Generate the IdP metadata file and save the file and entity ID
## ClearML Server Side Configuration
The following should be configured in the override file:
```
apiserver:
additionalConfigs:
metadata.xml: |
<?xml version="1.0"?>
<test>
<rule id="tst">
<test_name>test</test_name>
</rule>
</test>
extraEnvs:
- name: "ALLEGRO__secure__login__sso__saml_client__microsoft_ad__entity_id"
value: "<app_entity_id>"
- name: "ALLEGRO__secure__login__sso__saml_client__microsoft_ad__idp_metadata_file"
value: "/opt/clearml/config/default/metadata.xml"
- name: "ALLEGRO__secure__login__sso__saml_client__microsoft_ad__default_company"
value: "<company_id>"
- name: "CLEARML__services__login__sso__saml_client__microsoft_ad__claims__object_id"
value: "http://schemas.microsoft.com/identity/claims/objectidentifier"
- name: "CLEARML__services__login__sso__saml_client__microsoft_ad__claims__name"
value: "http://schemas.microsoft.com/identity/claims/displayname"
- name: "CLEARML__services__login__sso__saml_client__microsoft_ad__claims__email"
value: "emailAddress"
- name: "CLEARML__services__login__sso__saml_client__microsoft_ad__claims__given_name"
value: "givenName"
- name: "CLEARML__services__login__sso__saml_client__microsoft_ad__claims__surname"
value: "surname"
- name: "CLEARML__services__login__sso__saml_client__microsoft_ad__claims__email"
value: "emailAddress"
- name: "CLEARML__services__login__sso__saml_client__microsoft_ad__claims__email"
value: "emailAddress"
```
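Review bot: The `metadata.xml: |` block under `additionalConfigs` holds a dummy `<test><rule id="tst">` document rather than IdP metadata, and nothing tells the reader to replace it with the file generated in step 4 of the Active Directory section. Suggest an explicit placeholder (for example `<contents of the IdP metadata file>`) and a sentence tying it to that step, so the sample is not copied as-is into an override file. In `extraEnvs`, the `...microsoft_ad__claims__email` entry with value `emailAddress` appears three times; keep one. The first three variables use the `ALLEGRO__secure__login__sso__` prefix while the claim mappings use `CLEARML__services__login__sso__`; if both are intended, say why, otherwise make them consistent. The claims listed in step 3 (`emailaddress`, `displayname`, `user.principalname`) also do not line up with the claims mapped here (`objectidentifier`, `givenName`, `surname`), so the page should state which AD claim has to be emitted for each mapping, in particular which one serves as the unique user identifier.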


@@ -706,5 +706,10 @@ module.exports = {
'deploying_clearml/enterprise_deploy/app_custom',
]
},
{
'SSO': [
'deploying_clearml/enterprise_deploy/sso_saml_k8s',
]
},
]
};
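Review bot: The new `'SSO'` category lists a single doc id, `sso_saml_k8s`, which does not name the identity provider even though the page added in this commit is titled "Microsoft AD SAML". Consider an id that includes the provider so that later SSO pages for other IdPs do not force a rename of this one. The path of the added file is not shown in this view, so please confirm that `deploying_clearml/enterprise_deploy/sso_saml_k8s` resolves to it.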