Azure & SAML config – launching CUBE locally on DMA?

Solved406 viewsadl2099 Azure SAML
1
0 Comments

Reading through this older post:
https://community.dataminer.services/question/azuread-saml-authentication-in-dataminer-cluster/

Is there a way to configure SAML so that this type of access can be used by admins also when launching CUBE directly on the DMA server (the equivalent of LocalHost, but with the full URL configured for the Azure integration, e.g. MyDMA.myDomain.org required for https)?

Thanks

EDIT: adding the screenshot mentioned in the comments below

Alberto De Luca [DevOps Enabler] Selected answer as best 22nd June 2024

1 Answer

3
7.48K 3 Comments

Hi Alberto,

I just tested this on one of our DMAs, and this works fine.

The DMA is configured to use SAML against our Azure AD with a URL like mydma.mydomain.org.

I did an RDP to the DMA and I'm able to locally open a Cube to both localhost or mydma.mydomain.org using SAML authentication. They both successfully log in.

I double checked the app registration and the enterprise app in Azure, and I was expecting it to have localhost in there as redirect URIs, both it's not. So, I'm not sure why localhost is accepted, maybe that's somewhere in an exception list... Anyhow, it seems to work on this DMA.

Do note that Cube mentions in the logging that Cube does connect to https://localhost and not http (without s).

In case you would configure SAML, and you run into any problems, don't hesitate to ping us so that we can take a look and help you out.

Bert

Alberto De Luca [DevOps Enabler] Selected answer as best 22nd June 2024
Bert Buysschaert [SLC] [DevOps Enabler] commented

The reason that this works for Cube is because Cube intercepts the HTTP redirect after login on the Identity Provider website, to forward the SAMLResponse to SLNet, as Cube is not a web application. So the registered URI does not matter for Cube, but it will matter if you would want to visit the webapps on ‘localhost’.
Bert Vandenberghe [SLC] [DevOps Enabler] commented

Ah OK, that explains it! Many thanks for your expert comment!
Alberto De Luca [DevOps Enabler] commented

Thank you both for the thorough explanation – much appreciated.

I may need some help while reviewing the configuration with our squad – at the moment, I’m able to connect via SAML to the DMA configured when I use separate clients to run CUBE;

when I try the same by launching CUBE locally on the DMA, via RDP, the log-in doesn’t work (even if I specify the “https://MyDMAname.myDomain” that works from the remote client).

Adding some screenshots for common reference
You are viewing 1 out of 1 answers, click here to view all answers.