1. Log in to your IdP console and download the IdP metadata XML. Optionally, if your IdP supports a metadata URL, you can copy the metadata URL instead of the XML.
1. Copy the IdP metadata XML or URL to the Ops Manager **Use an Identity Provider** log in page.
    <%= image_tag("meta-om.png") %>
    <p class="note"><strong>Note</strong>: The same IdP metadata URL or XML is applied for the BOSH Director. If you use a separate IdP for BOSH, copy the metadata XML or URL from that IdP and enter it into the BOSH IdP Metadata text box in the Ops Manager log in page.</p>
1. Enter values for the fields listed below. Failure to provide values in these fields results in a `500` error.
    * **SAML admin group**: Enter the name of the SAML group that contains all Ops Manager administrators.
    * **SAML groups attribute**: Enter the groups attribute tag name with which you configured the SAML server.
1. Enter your **Decryption passphrase**. Read the **End User License Agreement**, and select the checkbox to accept the terms.
1. Your Ops Manager log in page appears. Enter your username and password. Click **Login**.
1. Download your SAML Service Provider metadata (SAML Relying Party metadata) by navigating to the following URLs:
    * <strong>5a.</strong> Ops Manager SAML service provider metadata: `https://OPS-MAN-FQDN:443/uaa/saml/metadata`
    * <strong>5b.</strong> BOSH Director SAML service provider metadata: `https://BOSH-IP-ADDRESS:8443/saml/metadata`
    <p class="note"><strong>Note</strong>: To retrieve your <code>BOSH-IP-ADDRESS</code>, navigate to the <strong>BOSH Director</strong> tile > <strong>Status</strong> tab. Record the <strong>BOSH Director</strong> IP address.</p>
1. Configure your IdP with your SAML Service Provider metadata. Import the Ops Manager SAML provider metadata from Step 5a above to your IdP.
    If your IdP does not support importing, provide the values below.
    * **Single sign on** URL: `https://OPS-MAN-FQDN:443/uaa/saml/SSO/alias/OPS-MAN-FQDN`
    * **Audience URI** (SP Entity ID): `https://OPS-MAN-FQDN:443/uaa`
    * **Name ID**: Email Address
    * SAML authentication requests are always signed
1. Import the BOSH Director SAML provider metadata from Step 5b to your IdP. If the IdP does not support an import, provide the values below.
    * **Single sign on** URL: `https://BOSH-IP-ADDRESS:8443/saml/SSO/alias/BOSH-IP-ADDRESS`
    * **Audience URI** (SP Entity ID): `https://BOSH-IP-ADDRESS:8443`
    * **Name ID**: Email Address
    * SAML authentication requests are always signed
1. Return to the **BOSH Director** tile, and continue with the configuration steps below.
<p class="note"><strong>Note</strong>: For an example of how to configure SAML integration between Ops Manager and your IdP, see the <a href="../opsguide/adfs-sso-configuration.html">Configuring Active Directory Federation Services as an Identity Provider</a> topic.</p>
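When an IdP cannot import metadata, the manual values in Steps 6 and 7 (SSO URL, Audience URI, Name ID format, signed requests) should be read off the SP metadata downloaded in Step 5 rather than typed from memory. The following added example, which is not part of the Ops Manager docs or product, parses an SP metadata document and extracts exactly those values; the embedded XML is a constructed sample modeled on the fields named above, with placeholder hostnames, and it rejects metadata that is not a service provider descriptor.

```python
# Added example (not Ops Manager code): derive the manual IdP settings from
# SAML SP metadata so the values entered in the IdP match what the SP publishes.
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample modeled on the Ops Manager SP metadata fields described
# in the steps above; OPS-MAN-FQDN is a placeholder, not a real deployment.
SAMPLE_SP_METADATA = """
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://OPS-MAN-FQDN:443/uaa">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://OPS-MAN-FQDN:443/uaa/saml/SSO/alias/OPS-MAN-FQDN"
        index="0" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def sp_settings(metadata_xml: str) -> dict:
    """Return the settings an IdP needs when it cannot import SP metadata."""
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        # IdP metadata carries an IDPSSODescriptor instead; refuse it so the
        # operator does not paste the wrong document into the IdP.
        raise ValueError("no SPSSODescriptor: this is not service provider metadata")
    acs_list = sp.findall("md:AssertionConsumerService", NS)
    if not acs_list:
        raise ValueError("no AssertionConsumerService endpoint")
    # Prefer the endpoint marked isDefault; otherwise take the first listed.
    acs = next((a for a in acs_list if a.get("isDefault") == "true"), acs_list[0])
    return {
        "audience_uri": root.get("entityID"),
        "sso_url": acs.get("Location"),
        "name_id_format": sp.findtext("md:NameIDFormat", default="", namespaces=NS),
        # Per the SAML metadata schema a missing AuthnRequestsSigned means false.
        "authn_requests_signed": sp.get("AuthnRequestsSigned", "false") == "true",
    }


if __name__ == "__main__":
    for key, value in sp_settings(SAMPLE_SP_METADATA).items():
        print(f"{key}: {value}")
```

Replace `SAMPLE_SP_METADATA` with the XML fetched from the Step 5a or 5b URL; the BOSH Director document yields the Step 7 values in the same way.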