# SAML 2 Configuration

Follow the instructions below to enable SAML2 configuration.

1. To enable SAML2 configuration, add the config below to the values file:

    a. Set the `global.installOpenLdap` and `global.ldap` sections to false.

    b. Update `global.auth.saml` to false.

    c. Update `gate.config.saml` to true.

    d. Copy the block below into values.yaml.

```
spring:
  security:
    saml2:
      enabled: true
      registration-id: SSO
      relyingparty:
        registration:
          SSO:
            entity-id: ${entityId}
            acs:
              location: https://${locationurl}/saml/SSO
            assertingparty:
              metadata-uri: https://${metadatauri}/sso/saml/metadata
            decryption:
              credentials:
                - private-key-location: file:/opt/saml/certs/key.pem
                  certificate-location: file:/opt/saml/certs/cert.pem
              singlesignon.sign-request: true
      user-attribute-mapping:
        email: email
        firstName: firstName
        lastName: lastName
        roles:
          attributeName: memberOf
          sortRoles: true
          forceLowercaseRoles: true
          rolesDelimiter: ","
      signatureDigest: SHA256
      userSource: gate
```

    e. Update the Okta groups under the **global.saporgate** config (specify the groups you want to see in ISD).

```
saporgate:
  config:
    username: admin     # admin user of SAML
    adminGroups: admin  # groups listed here get superAdmin privileges in Autopilot
```

2. Create a certificate and key pair using the command below:

```
openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out cert.pem
```

Create a secret holding key.pem and cert.pem by executing the command below. The secret must live in the namespace where gate is deployed, since the gate deployment mounts it:

```
kubectl create secret generic samlcerts --from-file key.pem --from-file cert.pem -n namespace
```

3. Add the code below to the gate deployment's volumes and volumeMounts.

```
volumes:
- name: samlcerts
  secret:
    defaultMode: 420
    items:
    - key: key.pem
      path: key.pem
    - key: cert.pem
      path: cert.pem
    secretName: samlcerts
```

```
volumeMounts:
- mountPath: /opt/saml/certs
  name: samlcerts
  readOnly: true
```

4. Remove the code below (the earlier JKS keystore and metadata XML mounts) from the gate deployment's volumes and volumeMounts.

```
volumeMounts:
- mountPath: /opt/spinnaker/saml/oessaml.jks
  name: saml-jks
  subPath: oessaml.jks
- mountPath: /opt/spinnaker/saml/oesmetadata.xml
  name: metadata-xml
  subPath: oesmetadata.xml
```

```
volumes:
- name: saml-jks
  secret:
    defaultMode: 420
    secretName: oessamljks
- name: metadata-xml
  secret:
    defaultMode: 420
    secretName: oesmetadataxml
```

SAML2 is now configured.

