Configuring SAML in Kubernetes
You can implement single sign-on (SSO) in your Kubernetes environment using Security Assertion Markup Language (SAML).
About this task
The changes in this task affect the following pods:
- community
- mux
- proxy
Procedure
- Find the idpUrl value.
  - Modify the user access URL that was provided by your identity provider so that users are redirected properly.
  - Append ?TARGET=https://fully_qualified_hostname/chat to the IdP user access URL.
    For example, if the following exists:
    - IdP user access URL is https://idp.example.com/example_tenant&appid=1234
    - Sametime fully qualified host name is sametime.example.com
    then the resulting URL is:
    https://idp.example.com/example_tenant&appid=1234?TARGET=https://sametime.example.com/chat
    If you are using a different host name for meetings and web chat, use the host name for the web chat client.
    https://idp.example.com/exampletenant&appid=1234?TARGET=https://webchat.example.com/chat
- Configure the Sametime server to use SAML.
- Apply your changes to the environment.
  Verify that you are in the helm directory and run the following command to apply changes. Specify the Sametime deployment name for your environment. The default for Sametime Premium version 12 is sametime.
  helm upgrade sametime_deployment_name .
  Note: Be sure to include the dot at the end. It is part of the command. If you are unsure of your deployment name, issue the helm list command to find the name. If you upgraded from an earlier Sametime release, the default name is sametime-meetings.
- Restart the pods with the changes. Use the kubectl scale command to scale the pods that have been changed to zero and then to one. You must run the commands for each pod that the change affects.
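The restart step above, written as a shell function. This is an added example, not a command listing from the product documentation. It assumes each deployment is named after its pod (community, mux, proxy) and lives in the current kubectl namespace; confirm the names with kubectl get deployments before calling restart_changed_pods.

```shell
#!/bin/sh
# Added example: restart the deployments behind the pods this task changes.
# Assumption: each deployment is named after its pod (community, mux, proxy)
# and is in the namespace of the current kubectl context.

restart_changed_pods() {
    # Usage: restart_changed_pods [deployment ...]
    # With no arguments, falls back to the three pods listed in this task.
    [ "$#" -gt 0 ] || set -- community mux proxy

    for deploy in "$@"; do
        # Scale to zero so the pod running the old configuration is removed.
        kubectl scale deployment "$deploy" --replicas=0 || return 1
        # Scale back to one so a new pod starts with the SAML settings.
        kubectl scale deployment "$deploy" --replicas=1 || return 1
        # Wait until the new pod is ready; stop if it does not come up in time,
        # so a failed restart is noticed before users hit the SSO login.
        kubectl rollout status "deployment/$deploy" --timeout=120s || return 1
    done
}
```

The function stops at the first failing kubectl call and returns a non-zero status, so the remaining deployments are left untouched until the problem is checked.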