📙 You will learn
How to create a new SAML integration and change SAML settings.
Prerequisites
Audience: IT Professional
Difficulty: Advanced
Time needed: Approximately 15 minutes
Tools required: See Pre-requisites list below
Pre-requisites List:
ThreadFix instance running in Kubernetes
kubectl access to Kubernetes cluster
Helm version greater than 3.2
Bash compatible terminal
Basic SAML Settings
Basic SAML Settings can be changed from the UI by navigating to the Global menu → Administration → System Settings → SAML Settings. If more advanced configurations are needed, use the following guide for creating and updating SAML settings.
Changing Settings in Existing SAML
If there is already a working SAML integration, follow the instructions below to change settings.
Enter the following commands on a command line to perform the described action.
Get the Helm release name for the ThreadFix instance.
TF_RELEASE=$(helm ls | grep threadfix | awk '{print $1}')
Get the current installed version of ThreadFix.
TF_VERSION=$(helm ls --filter "$TF_RELEASE" | grep -o 'threadfix-[A-Za-z0-9.-]*' | sed 's|threadfix-||g')
Export the currently installed Helm values.
helm get values $TF_RELEASE > myValues.yaml
Backup values to a separate file.
cp myValues.yaml myValues.yaml.bak
Change SAML settings:
Open myValues.yaml in a text editor.
Locate the 'onelogin.saml.properties' section.
Edit properties as desired.
Save the file.
Update the ThreadFix Helm installation.
helm upgrade --no-hooks $TF_RELEASE denimgroup/threadfix --version $TF_VERSION -f myValues.yaml
If not using 'denimgroup/threadfix' as the chart name, this value must be changed to the location of the ThreadFix chart. Use helm search repo threadfix to find the correct chart name.
Restart the authorization container.
kubectl rollout restart deploy $(kubectl get deploy -l app.kubernetes.io/name=auth,app.kubernetes.io/part-of=threadfix -o jsonpath='{ .items[].metadata.name }')
Create New SAML Integration
If the ThreadFix instance does not have any current SAML integrations, follow this section.
Get the Helm release name for the ThreadFix instance.
TF_RELEASE=$(helm ls | grep threadfix | awk '{print $1}')
Get the current installed version of ThreadFix.
TF_VERSION=$(helm ls --filter "$TF_RELEASE" | grep -o 'threadfix-[A-Za-z0-9.-]*' | sed 's|threadfix-||g')
Export the currently installed Helm values.
helm get values $TF_RELEASE > myValues.yaml
Backup values to a separate file.
cp myValues.yaml myValues.yaml.bak
Pull the ThreadFix chart locally.
helm pull denimgroup/threadfix --version $TF_VERSION
Unzip the ThreadFix chart archive.
tar -xzvf threadfix-$TF_VERSION.tgz
Add the default onelogin.saml.properties to myValues.yaml.
echo "\"onelogin.saml.properties\": |2" >> myValues.yaml
awk '{print "  "$0}' threadfix/config/onelogin.saml.properties >> myValues.yaml
Change SAML settings:
Open myValues.yaml in a text editor.
Locate the 'onelogin.saml.properties' section.
Edit properties as desired.
Save the file.
Update the ThreadFix Helm installation.
helm upgrade --no-hooks $TF_RELEASE denimgroup/threadfix --version $TF_VERSION -f myValues.yaml
If not using 'denimgroup/threadfix' as the chart name, this value must be changed to the location of the ThreadFix chart. Use helm search repo threadfix to find the correct chart name.
Restart the authorization container.
kubectl rollout restart deploy $(kubectl get deploy -l app.kubernetes.io/name=auth,app.kubernetes.io/part-of=threadfix -o jsonpath='{ .items[].metadata.name }')
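A check to run after editing myValues.yaml and before the helm upgrade step in either procedure above, added here as an example and not part of the ThreadFix documentation: it compares the edited file with myValues.yaml.bak and confirms the change is confined to the onelogin.saml.properties block. It assumes the key sits at the top level of the values file, as the echo step writes it; the function names and the example.property sample line are constructed for illustration.

```shell
# Added example (not ThreadFix code): confirm an edit touched only the SAML block.

# Print the indented body of the top-level onelogin.saml.properties block scalar.
saml_block() {
  awk '/^"?onelogin\.saml\.properties"?:/ { inblk = 1; next }
       inblk && /^[^ \t]/ { inblk = 0 }
       inblk' "$1"
}

# Print the file with that key and its body removed.
without_saml_block() {
  awk '/^"?onelogin\.saml\.properties"?:/ { inblk = 1; next }
       inblk && /^[^ \t]/ { inblk = 0 }
       !inblk' "$1"
}

# 0: only the SAML block changed; 1: block unchanged; 2: other values changed.
check_saml_edit() {
  if [ "$(without_saml_block "$1")" != "$(without_saml_block "$2")" ]; then
    echo "values outside onelogin.saml.properties differ" >&2
    return 2
  fi
  if [ "$(saml_block "$1")" = "$(saml_block "$2")" ]; then
    echo "onelogin.saml.properties is unchanged" >&2
    return 1
  fi
  return 0
}

# Constructed sample: a backup, then an edit that changes one SAML property.
demo() {
  dir=$(mktemp -d) || return 3
  printf '%s\n' 'replicas: 1' '"onelogin.saml.properties": |2' \
    '  example.property=old' 'other: value' > "$dir/myValues.yaml.bak"
  sed 's/example.property=old/example.property=new/' \
    "$dir/myValues.yaml.bak" > "$dir/myValues.yaml"
  check_saml_edit "$dir/myValues.yaml.bak" "$dir/myValues.yaml"
  rc=$?
  rm -rf "$dir"
  return "$rc"
}

demo && echo "edit confined to onelogin.saml.properties"
```

Against the real files, call it as check_saml_edit myValues.yaml.bak myValues.yaml; it also returns 0 when the block was newly appended and nothing else changed.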