SAML properties
In Cloudera Data Warehouse, SSO with SAML is automatically configured. However, if you need to configure a certain parameter, you can set the properties in the hue-safety-valve field.
| SAML parameter | Description |
|---|---|
authn_requests_signed |
Boolean, that when True, signs Hue-initiated authentication requests with X.509 certificate. |
backend |
Hard-coded value set to SAML backend library packaged
with Hue
(libsaml.backend.SAML2Backend). |
base_url |
URL that SAML Identity Provider uses for responses. Typically used in Load balanced Hue environments. |
cert_file |
Path to X.509 certificate sent with encrypted metadata. File format must be .PEM. |
create_users_on_login |
Boolean, that when True, creates users from OpenId, upon successful login. |
entity_id |
Service provider ID. Can also accept pattern where '<base_url>' is replaced with server URL base. |
key_file |
Path to private key used to encrypt metadata. File format must be .PEM. |
key_file_password |
Password used to decrypt the X.509 certificate in memory. |
logout_enabled |
Boolean, that when True, enables single logout. |
logout_requests_signed |
Boolean, that when True, signs Hue-initiated logout requests with an X.509 certificate. |
metadata_file |
Path to readable metadata XML file copied from Identity Provider. |
name_id_format |
Format of NameID that Hue requests from SAML server. |
optional_attributes |
Comma-separated list of optional attributes that Hue requests from Identity Provider. |
required_attributes |
Comma-separated list of required attributes that Hue
requests from Identity Provider. For example,
uid and email. |
redirect_whitelist |
Fully qualified domain name of SAML server:
"^\/.*$,^https:\/\/<SAML_server_FQDN>\/.*$". |
user_attribute_mapping |
Map of Identity Provider attributes to Hue django user attributes. For example, {'uid':'username', 'email':'email'}. |
username_source |
Declares source of username as nameid or attributes. |
want_response_signed |
A boolean parameter, when set to True, requires SAML response
wrapper returned by an IdP to be digitally signed by the IdP. The default value is
False. |
want_assertions_signed |
A boolean parameter, when set to True, requires SAML assertions
returned by an IdP to be digitally signed by the IdP. The default value is
False. |
xmlsec_binary |
Path to xmlsec_binary that signs,
verifies, encrypts/decrypts SAML requests and assertions. Must
be executable by user, hue. |
