Configuring SAML on Docker and Podman
Before you begin
The IdP URL is defined in the configuration. See Setting up SSO using SAML for information on determining the IdP URL value.
About this task
The changes in this task affect the following pods:
- community
The Docker and Podman commands are similar. The only difference is that docker precedes the command when issued in a Docker environment and podman precedes the name in a Podman environment. Example commands used in the Sametime documentation are shown using Docker. For Podman, change docker to podman.
Procedure
- Change directories to the root directory where the Sametime installation package was decompressed.
- Place the samltruststore.p12 file in the directory where the docker-compose.yml file is located.
- Create a file with the name saml.env.
  vi saml.env
- Add the following lines to the saml.env file.
  STI__Config__STSAML_TRUST_STORE_TYPE=p12
  STI__Config__STSAML_TRUST_STORE_FILE=/local/notesdata/samltruststore.p12
  STI__Config__STSAML_TRUST_STORE_PASSWORD=samltruststorepass
- Open the docker-compose.yml file for editing.
- Add a path to the SAML trust store.
  - If you do not have a volumes section in the docker-compose.yml file, create one under the networks section and add the following line to the section.
  - If you already have a volumes section, add the following line to the section.
    - ./samltruststore.p12:/local/notesdata/samltruststore.p12
  The section should look like the following example. Ensure that the indentations look like the example.
  networks:
    - sametime.test
  volumes:
    - ./samltruststore.p12:/local/notesdata/samltruststore.p12
- Update the custom.env file to include the IdP URL as well as the authentication options.
  Authentication options to include are: Jwt, Ltpa, and Saml. If you are uncertain of the value to use for your IdP URL, see Setting up SSO using SAML for details. For example:
  STI__ST_BB_NAMES__ST_AUTH_TOKEN=Fork:Jwt,Ltpa,Saml
  IDP_URL=https://idp.example.com/example_tenant&appid=1234?TARGET=https://sametime.example.com/chat
  Note: The TARGET parameter is used for the redirect after a SAML assertion has been validated and is posted back to Sametime. Ensure that the target points back to the chat host name or chat (as the example shows).
- Open the .env file for editing, and then add the STCONF_IDPURL parameter. For example:
  STCONF_IDPURL=https://idp.example.com/example_tenant&appid=1234?TARGET=https://sametime.example.com/chat
- Start the Sametime server to apply the changes.
  docker compose up -d
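The following POSIX shell script is an added example and is not part of the HCL Sametime documentation or product. Before running docker compose up -d, it checks that the files edited in the procedure agree with each other: the trust store path in saml.env is mounted by a volume line in docker-compose.yml, the authentication options include Saml, the TARGET parameter of IDP_URL points at the chat host, and STCONF_IDPURL in .env matches IDP_URL in custom.env. It also warns when saml.env, which holds the trust store password in clear text, is world-readable. The script assumes (hypothetically) that all four files sit in one directory and use the one-key-per-line KEY=VALUE layout shown above; the sample files it writes to a temporary directory are constructed from the procedure's own example values.

```shell
#!/bin/sh
# Added example, not part of the HCL Sametime documentation: check the files
# edited in the procedure before starting the server. Assumptions
# (hypothetical): all files live in one directory and use the KEY=VALUE layout
# shown in the procedure, one key per line.

# Print the value of KEY ($2) from FILE ($1): first match, text after the first "=".
env_value() {
    grep "^$2=" "$1" 2>/dev/null | head -n 1 | cut -d= -f2-
}

# Print the host name from the TARGET= parameter of an IdP URL (empty if none).
target_host() {
    printf '%s\n' "$1" | sed -n 's|.*TARGET=https\{0,1\}://\([^/?&#]*\).*|\1|p'
}

# check_saml_config DIR CHAT_HOST
# Returns 1 when the trust store named in saml.env is not mounted by
# docker-compose.yml, when the ST_AUTH_TOKEN list lacks Saml, when TARGET in
# IDP_URL does not point at CHAT_HOST, or when STCONF_IDPURL in .env differs
# from IDP_URL in custom.env. Warns (without failing) when saml.env is
# world-readable, since it contains the trust store password.
check_saml_config() {
    cfg=$1
    chat_host=$2
    rc=0

    store=$(env_value "$cfg/saml.env" STI__Config__STSAML_TRUST_STORE_FILE)
    if [ -z "$store" ]; then
        echo "FAIL: STI__Config__STSAML_TRUST_STORE_FILE not set in saml.env"; rc=1
    elif ! grep -q -- ":$store\$" "$cfg/docker-compose.yml" 2>/dev/null; then
        echo "FAIL: docker-compose.yml has no volume line ending in :$store"; rc=1
    fi
    if [ -n "$(find "$cfg/saml.env" -perm -004 2>/dev/null)" ]; then
        echo "WARN: saml.env is world-readable and contains the trust store password"
    fi

    auth=$(env_value "$cfg/custom.env" STI__ST_BB_NAMES__ST_AUTH_TOKEN)
    case "$auth" in
        *Saml*) ;;
        *) echo "FAIL: STI__ST_BB_NAMES__ST_AUTH_TOKEN does not include Saml"; rc=1 ;;
    esac

    idp=$(env_value "$cfg/custom.env" IDP_URL)
    host=$(target_host "$idp")
    if [ "$host" != "$chat_host" ]; then
        echo "FAIL: TARGET host '$host' is not the chat host '$chat_host'"; rc=1
    fi

    stconf=$(env_value "$cfg/.env" STCONF_IDPURL)
    if [ "$stconf" != "$idp" ]; then
        echo "FAIL: STCONF_IDPURL in .env differs from IDP_URL in custom.env"; rc=1
    fi
    return $rc
}

# Constructed sample files in a temporary directory, mirroring the procedure's
# example values; prints the directory name.
make_sample() {
    tmp=$(mktemp -d)
    cat > "$tmp/saml.env" <<'EOF'
STI__Config__STSAML_TRUST_STORE_TYPE=p12
STI__Config__STSAML_TRUST_STORE_FILE=/local/notesdata/samltruststore.p12
STI__Config__STSAML_TRUST_STORE_PASSWORD=samltruststorepass
EOF
    cat > "$tmp/docker-compose.yml" <<'EOF'
networks:
  - sametime.test
volumes:
  - ./samltruststore.p12:/local/notesdata/samltruststore.p12
EOF
    cat > "$tmp/custom.env" <<'EOF'
STI__ST_BB_NAMES__ST_AUTH_TOKEN=Fork:Jwt,Ltpa,Saml
IDP_URL=https://idp.example.com/example_tenant&appid=1234?TARGET=https://sametime.example.com/chat
EOF
    cat > "$tmp/.env" <<'EOF'
STCONF_IDPURL=https://idp.example.com/example_tenant&appid=1234?TARGET=https://sametime.example.com/chat
EOF
    printf '%s\n' "$tmp"
}

# Stand-alone run: check the constructed sample and report.
sample=$(make_sample)
if check_saml_config "$sample" sametime.example.com; then
    echo "OK: SAML configuration files are consistent"
fi
rm -rf "$sample"
```

To check a real installation, replace the call at the bottom with check_saml_config on the directory that holds docker-compose.yml and the chat host name used in TARGET; the comparison of STCONF_IDPURL against IDP_URL is exact, so a trailing slash or a stray space in either file is reported as a mismatch rather than silently accepted.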