I don’t think that’s correct?  I already have a certificate set up for HTTPS, 
and it doesn’t show up in the SAML2 configuration.  Maybe I’m mistaken, but I 
think the SAML2 cert is separate from the regular HTTPS cert?

From: Yury Kirsanov <y.kirsa...@gmail.com>
Sent: Monday, October 25, 2021 11:52 AM
To: Edward R Huyer <erh...@rit.edu>
Cc: ceph-users@ceph.io
Subject: Re: [ceph-users] Doing SAML2 Auth With Containerized mgrs

Hi Edward,
You need to set configuration like this, assuming that certificate and key are 
on your local disk:

ceph mgr module disable dashboard
ceph dashboard set-ssl-certificate -i <your_certificate>.crt
ceph dashboard set-ssl-certificate-key -i <your_certificate_key>.key
ceph config-key set mgr/cephadm/grafana_crt -i <your_certificate>.crt
ceph config-key set mgr/cephadm/grafana_key -i <your_certificate_key>.key
ceph orch reconfig grafana
ceph mgr module enable dashboard

Hope this helps!

Regards,
Yury.

On Tue, Oct 26, 2021 at 2:45 AM Edward R Huyer <erh...@rit.edu> wrote:
Continuing my containerized Ceph adventures....

I'm trying to set up SAML2 auth for the dashboard (specifically pointing at the 
institute Shibboleth service).  The service requires the use of the x509 
certificates.  Following the instructions in the documentation ( 
https://docs.ceph.com/en/latest/mgr/dashboard/#dashboard-sso-support ) leads to 
an error about the certificate file not existing.

Some digging suggests that's because the daemon is looking in the container's 
filesystem rather than the physical host's filesystem.  That makes some sense, 
but it's annoying.

So my question is:  How do I get the cert and key file into the container's 
filesystem in a persistent way?  cephadm enter --name "mgr.hostname" results in 
a "no such container" error.  cephadm shell --name "mgr.hostname" works, but 
changes don't persist.

Any suggestions about this problem specifically, authing the dashboard against 
Shibboleth, or SAML2 in general?

-----
Edward Huyer
Golisano College of Computing and Information Sciences
Rochester Institute of Technology
Golisano 70-2373
152 Lomb Memorial Drive
Rochester, NY 14623
585-475-6651
erh...@rit.edu

_______________________________________________
ceph-users mailing list -- ceph-users@ceph.io
To unsubscribe send an email to ceph-users-le...@ceph.io