Single Sign-On with OneLogin
OneLogin is an application that manages authentication for your users on your network, and can provide backend access to Ambassador Edge Stack.
To use OneLogin with Ambassador Edge Stack:
- Create an App Connector
- Gather OneLogin Credentials
- Configure Ambassador Edge Stack
Create an App Connector
To use OneLogin as your IdP, you will first need to create an OIDC custom connector and create an application from that connector.
To do so:
- In your OneLogin portal, select Administration from the top right.
- From the top left menu, select Applications > Custom Connectors and click the New Connector button.
- Give your connector a name.
- Select the OpenID Connect option as your "Sign on method."
- Use http(s)://{{AMBASSADOR_URL}}/.ambassador/oauth2/redirection-endpoint as the value for "Redirect URI."
- Optionally provide a login URL.
- Click the Save button to create the connector. You will see a confirmation message.
- In the "More Actions" tab, select Add App to Connector.
- Select the connector you just created.
- Click the Save button.
You will see a success banner, which also brings you back to the main portal page. OneLogin is now configured to function as an OIDC backend for authentication with Ambassador Edge Stack.
Gather OneLogin Credentials
Next, you will configure Ambassador Edge Stack to require authentication with OneLogin. To do that, you must first collect the client credentials from the application you just created.
To do so:
- In your OneLogin portal, go to Administration > Applications > Applications.
- Select the application you previously created.
- On the left, select the SSO tab to see the client information.
- Copy the value of Client ID for later use.
- Click the Show Client Secret link and copy the value for later use.
Configure Ambassador Edge Stack
Now you must configure your Ambassador Edge Stack instance to use OneLogin.
- First, create an OAuth Filter with the credentials you copied earlier.
Here is an example YAML:
- Next, create a FilterPolicy to use the Filter you just created.
Some example YAML:
- Lastly, apply both the Filter and FilterPolicy you created with a kubectl command in your terminal:
Now any requests to https://{{AMBASSADOR_URL}}/backend/get-quote/ will require authentication from OneLogin.
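One way to write the Filter and FilterPolicy from the steps above, as an added example that is not the original page's YAML. It keeps the Client Secret in a Kubernetes Secret instead of inline in the Filter. The resource names, the default namespace, the getambassador.io/v2 apiVersion and the {{...}} placeholders are assumptions.

```yaml
# Added example; names, namespace and apiVersion are assumptions, not from the page.
---
# Client Secret from the OneLogin SSO tab, stored in a Kubernetes Secret so it is
# not written inline in the Filter. The key must be named oauth2-client-secret.
apiVersion: v1
kind: Secret
metadata:
  name: onelogin-client-secret        # hypothetical name
  namespace: default
type: Opaque
stringData:
  oauth2-client-secret: "{{CLIENT_SECRET}}"      # placeholder; keep the real value out of version control
---
apiVersion: getambassador.io/v2       # assumed; match the CRD version installed in your cluster
kind: Filter
metadata:
  name: onelogin                      # hypothetical name
  namespace: default
spec:
  OAuth2:
    authorizationURL: "{{ONELOGIN_ISSUER_URL}}"  # placeholder: your OneLogin OIDC issuer URL
    clientID: "{{CLIENT_ID}}"                    # placeholder: Client ID copied from the SSO tab
    secretName: onelogin-client-secret           # reference the Secret above instead of an inline "secret"
    secretNamespace: default
    protectedOrigins:
      # Must use the same scheme and host as the Redirect URI set on the connector.
      - origin: "https://{{AMBASSADOR_URL}}"
---
apiVersion: getambassador.io/v2       # assumed, as above
kind: FilterPolicy
metadata:
  name: onelogin-policy               # hypothetical name
  namespace: default
spec:
  rules:
    # Only the path named on this page is protected; other paths stay unauthenticated.
    - host: "*"
      path: /backend/get-quote/
      filters:
        - name: onelogin
```

Saved to a single file, all three resources can be applied with kubectl apply -f and the file name. After applying, an unauthenticated request to the protected path should be redirected to OneLogin, while paths outside the FilterPolicy rule are not.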