AWX SAML Configuration


Prasad Shetty

Sep 10, 2020, 12:32:04 AM
to ansible...@googlegroups.com
Hello Everyone-

I was trying to set up a SAML team map in AWX. I am able to achieve the same using LDAP, but in SAML it is a bit confusing. Could you please help me on the same? If anyone has already configured it, please share a real example configuration for my reference.


SAML ORGANIZATION ATTRIBUTE MAPPING
SAML TEAM MAP 
SAML TEAM ATTRIBUTE MAPPING 

Raju Das

Sep 10, 2020, 1:20:53 AM
to ansible...@googlegroups.com
Hi,

Please find the Red Hat doc below, if it helps.

Mapping between organization admins/users and LDAP groups

The org mapping parameters control which users are placed into which Tower organizations relative to their LDAP group
memberships. Some things to note:

  • Keys are organization names.
  • Organizations will be created if not present.
  • Values are dictionaries defining the options for each organization's membership.
  • For each organization it is possible to specify what groups are automatically users of the organization and also what
    groups can administer the organization.

    • admins: None, True/False, string or list/tuple of strings.
      • If None, organization admins will not be updated based on LDAP values.
      • If True, all users in LDAP will automatically be added as admins of the organization.
      • If False, no LDAP users will be automatically added as admins of the organization.
      • If a string or list of strings, specifies the group DN(s); users will be added as admins of the organization if they match any of the specified groups.
    • remove_admins: True/False. Defaults to True.
      • If True, a user who is not a member of the given groups will be removed from the organization's administrative list.
    • users: None, True/False, string or list/tuple of strings. Same rules apply as for admins.
    • remove_users: True/False. Defaults to True. Same rules apply as for remove_admins.

Here is an example input for Organization mapping:

{
    "Test Org": {
        "admins": "CN=Domain Admins,CN=Users,DC=example,DC=com",
        "users": ["CN=Domain Users,CN=Users,DC=example,DC=com"],
        "remove_users" : "True",
        "remove_admins" : "True"
    },
    "Test Org 2": {
        "admins": ["CN=Administrators,CN=Builtin,DC=example,DC=com"],
        "users": "True",
        "remove_users" : "True",
        "remove_admins" : "True"
    }
}

Mapping between team members (users) and LDAP groups.

The team mapping parameters control which users are placed into which Tower teams relative to their LDAP group
memberships. Some things to note:

  • Keys are team names (will be created if not present).
  • Values are dictionaries of options for each team's membership, where each can contain the following parameters:
    • organization: string. The name of the organization to which the team belongs. The team will be created if the combination of organization and team name does not exist. The organization will first be created if it does not exist.
    • users: None, True/False, string or list/tuple of strings.
      • If None, team members will not be updated.
      • If True/False, all LDAP users will be added/removed as team members.
      • If a string or list of strings, specifies the group DN(s). User will be added as a team member if the user is a member of ANY of these groups.
    • remove: True/False. Defaults to False. If True, a user who is not a member of the given groups will be removed from the team.

Here is an example input for Team mapping:

{
    "My Team": {
        "organization": "Test Org",
        "users": ["CN=Domain Users,CN=Users,DC=example,DC=com"],
        "remove": "True"
    },
    "Other Team": {
        "organization": "Test Org 2",
        "users": "CN=Other Users,CN=Users,DC=example,DC=com",
        "remove": "False"
    }
}
With Regards
Raju Das


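The org map and team map rules quoted above, modelled as an added example (not code from the page, the poster or AWX): it resolves one user's LDAP group DNs against the two example maps and shows which memberships are granted or stripped, including the differing defaults for remove_admins/remove_users (True) and the team-level remove (False). The "True"/"False" strings are taken from the doc's example input as written; the empty starting state, the interpretation of a non-matching DN list as a removal candidate, and the sample users are assumptions.

```python
def _normalize(spec):
    # The doc's example writes booleans as the strings "True"/"False"; accept both forms.
    if isinstance(spec, str) and spec.strip().lower() in ("true", "false"):
        return spec.strip().lower() == "true"
    return spec

def _decide(spec, groups):
    """None = leave alone; True/False = explicit; DN or list of DNs = member of ANY of them?"""
    spec = _normalize(spec)
    if spec is None or isinstance(spec, bool):
        return spec
    return any(dn in groups for dn in ([spec] if isinstance(spec, str) else spec))

def resolve_org_map(org_map, user_groups, current=None):
    """{org: {"admins": bool, "users": bool}} for one user; remove_* defaults to True."""
    groups, result = set(user_groups), {o: dict(v) for o, v in (current or {}).items()}
    for org, opts in org_map.items():                      # orgs are created if absent
        state = result.setdefault(org, {"admins": False, "users": False})
        for role in ("admins", "users"):
            decision = _decide(opts.get(role), groups)
            if decision:
                state[role] = True
            elif decision is False and _normalize(opts.get("remove_" + role, True)):
                state[role] = False                        # not in the listed groups: strip
    return result

def resolve_team_map(team_map, user_groups, current=None):
    """{team: {"organization": str, "member": bool}} for one user; remove defaults to False."""
    groups, result = set(user_groups), {t: dict(v) for t, v in (current or {}).items()}
    for team, opts in team_map.items():                    # teams are created if absent
        state = result.setdefault(team, {"organization": opts["organization"], "member": False})
        spec = _normalize(opts.get("users"))
        if isinstance(spec, bool):                         # True/False: add/remove every user
            state["member"] = spec
        elif spec is not None and _decide(spec, groups):
            state["member"] = True
        elif spec is not None and _normalize(opts.get("remove", False)):
            state["member"] = False                        # only stripped when remove is True
    return result

# Constructed sample input: the two example maps quoted above, as the doc writes them.
ORG_MAP = {"Test Org": {"admins": "CN=Domain Admins,CN=Users,DC=example,DC=com",
                        "users": ["CN=Domain Users,CN=Users,DC=example,DC=com"],
                        "remove_users": "True", "remove_admins": "True"},
           "Test Org 2": {"admins": ["CN=Administrators,CN=Builtin,DC=example,DC=com"],
                          "users": "True", "remove_users": "True", "remove_admins": "True"}}
TEAM_MAP = {"My Team": {"organization": "Test Org", "remove": "True",
                        "users": ["CN=Domain Users,CN=Users,DC=example,DC=com"]},
            "Other Team": {"organization": "Test Org 2", "remove": "False",
                           "users": "CN=Other Users,CN=Users,DC=example,DC=com"}}
```

Running a user through both maps before and after a group change is a quick way to check that a map strips access the way you expect, since a stale "remove": "False" leaves memberships in place after the LDAP group no longer grants them.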

Prasad Shetty

Sep 10, 2020, 1:13:33 PM
to ansible...@googlegroups.com
Thank you Raju
I am currently using LDAP mapping and it is working fine. I was looking very specifically for SAML mapping options.

