Authentication

Enterprise Steam supports Local, LDAP, and SAML authentication. No additional configuration is required for Local authentication. Refer to the sections that follow for information on how to configure LDAP and SAML authentication.

Configure LDAP Connection Settings

Enterprise Steam ships with a built-in SQLite database. By default, Enterprise Steam uses this database to store user and cluster management metadata. You can use this database, or you can configure Enterprise Steam to work with your existing LDAP directory.

  1. Navigate to the Configurations page and select the Authentication tab.
  2. Select LDAP in the User DB Type drop-down menu, then configure the LDAP connection settings. (Refer to the table below and the image that follows.)

LDAP Connection Settings

| Field | Description | Example |
|---|---|---|
| Host | The LDAP host server address | ldap.0xdata.loc |
| Port | The LDAP server port | 389 |
| SSL-Enabled | Enable this if your LDAP supports SSL. | |
| Bind DN | The Distinguished Name used by the LDAP server if extended access is required. This can be left blank if anonymous bind is sufficient. | cn=admin,dc=0xdata,dc=loc |
| Bind DN Password/Confirm | The password for the Bind DN user | h2o |
| User Base DN | The location of the LDAP users, specified by the DN of your user subtree | ou=users,dc=0xdata,dc=loc |
| User Base Filter | The LDAP search filter used to filter users | department=IT |
| User Name Attribute | The User Attribute that contains the username | uid |

Group Settings

| Field | Description | Example |
|---|---|---|
| Group Names | The Distinguished Name used for group sync | cn=jettygroup,ou=groups,dc=0xdata,dc=loc |
| Group Base DN | The location of your LDAP groups, specified by the DN of your user subtree | ou=groups,dc=0xdata,dc=loc |
| Group Name Attribute | The Group Attribute that contains the username | cn |
| Static Member Attribute | The attribute for static group entries | memberUid |

Advanced Settings

| Field | Description | Example |
|---|---|---|
| Search Request Size Limit | Limit the size of search results. 0 indicates unlimited. | |
| Search Request Time Limit | Limit the time allotted for completing search results. 0 indicates unlimited. | 0 |
| Cache Max Age (in mins) | The maximum age in minutes of an LDAP record in the cache before forcing a refresh. Use 0 for no cache (not recommended). | 5 |
| Certificate Path | Specify CAs to use for contacting LDAP servers. Leave empty to use system root CAs. | |

[Image: LDAP Configuration]

  3. Click Test Config when you are done. A valid response message indicates that the configuration was successful.
  4. Click Save Config.

After LDAP is configured, users can log in to Enterprise Steam using their LDAP username and password.

Notes:

  • The Reset button clears all user-specified information in this form and resets any default values.
  • The Invalidate LDAP cache button invalidates the records in the LDAP cache and forces the cache to retrieve updated records for users.
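
The user and group values from the table above can be checked against the directory with ldapsearch before clicking Test Config. The following is an added example, not Enterprise Steam code: how Steam combines these fields internally is not documented on this page, so it assumes the conventional composition into LDAP search filters and that SSL-Enabled means LDAPS. The function names and the usernames are constructed for illustration.

```python
# Added example, not Enterprise Steam code. Field values are the examples
# from the settings table; the filter composition is an assumption.
SETTINGS = {
    "host": "ldap.0xdata.loc", "port": 389, "ssl_enabled": False,
    "bind_dn": "cn=admin,dc=0xdata,dc=loc",
    "user_base_dn": "ou=users,dc=0xdata,dc=loc",
    "user_base_filter": "department=IT",
    "user_name_attribute": "uid",
    "group_names": "cn=jettygroup,ou=groups,dc=0xdata,dc=loc",
    "static_member_attribute": "memberUid",
}

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login name stays a literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def _paren(expr):
    """Wrap a bare filter such as department=IT in parentheses."""
    expr = expr.strip()
    return expr if expr.startswith("(") else "(" + expr + ")"

def user_search(cfg, username):
    """Return (base DN, filter) for looking up one user under User Base DN."""
    clause = "(%s=%s)" % (cfg["user_name_attribute"], escape_filter_value(username))
    base_filter = cfg.get("user_base_filter", "").strip()
    flt = "(&%s%s)" % (_paren(base_filter), clause) if base_filter else clause
    return cfg["user_base_dn"], flt

def group_search(cfg, username):
    """Return (group DN, filter) for a base-scope membership check."""
    attr = cfg["static_member_attribute"]
    return cfg["group_names"], "(%s=%s)" % (attr, escape_filter_value(username))

def ldapsearch_argv(cfg, base, flt, scope="sub"):
    """OpenLDAP ldapsearch arguments; -W prompts for the Bind DN password."""
    scheme = "ldaps" if cfg["ssl_enabled"] else "ldap"  # assumption: SSL-Enabled = LDAPS
    url = "%s://%s:%d" % (scheme, cfg["host"], cfg["port"])
    return ["ldapsearch", "-x", "-H", url, "-D", cfg["bind_dn"], "-W",
            "-b", base, "-s", scope, flt]

if __name__ == "__main__":
    # Constructed usernames: a normal one and one containing filter metacharacters.
    for name in ("jdoe", "*)(uid=*"):
        print(" ".join(ldapsearch_argv(SETTINGS, *user_search(SETTINGS, name))))
    print(" ".join(ldapsearch_argv(SETTINGS, *group_search(SETTINGS, "jdoe"), scope="base")))
```

The second printed command shows the metacharacters escaped, so the filter still matches only a literal uid value within department=IT.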

Configure SAML Connection Settings

Perform the following steps to configure Enterprise Steam to use SAML authentication.

  1. Navigate to the Configurations page and select the Authentication tab.
  2. Select SAML in the User DB Type drop-down menu, then configure the following SAML settings:

SAML Settings

| Field | Description |
|---|---|
| IDP Metadata Path | The path to the SAML Identity Provider (IdP) metadata file on the local file system. |
| Keystore Path | The path to the keystore file on the local file system. |
| Keystore Password | The keystore password. |
| Base URL | The base URL for Enterprise Steam. For example, http://steam.loc:8888. |

Group Settings

| Field | Description |
|---|---|
| User Name Attribute | The attribute of the authorization token that contains usernames. |
| Group Name Attribute | The attribute of the authorization token that contains group names. |
| Admin Group Name | The name of the admin group that will get privileges in Enterprise Steam. |

Advanced

| Field | Description |
|---|---|
| SAML Entity ID | The PartnerSpID value that will be passed to the IdP. This is optional. |
| Logout URL | Specify the URL where the user will be redirected to after logging out. This is optional. By default, users will see the “Logged Out” screen. |

[Image: SAML Configuration]

  3. Click Save and Enable when you are done.

Notes:

  • The Remove LDAP button is available on this form if LDAP authentication is already configured. Click this button to remove the LDAP configuration.
  • The Disable SAML button disables SAML authentication when it is enabled, but it does not delete the configured settings. Note that this will require a server restart.