Bug #48306

closed

Feature #48314: mgr/dashboard: reverse proxy support

mgr/dashboard: Unable accessing dashboard SSO via reverse proxy with mixed mode (HTTP-HTTPS)

Added by Samson Hui over 3 years ago. Updated over 2 years ago.

Status: Rejected
Priority: Normal
Category: Security & Auth
Target version:
% Done: 0%


Description

I have set up a Ceph cluster on Kubernetes with Rook. We have SSL offloading outside Kubernetes, so we configured the Ceph dashboard with SSL false.

After we enable SSO with the following command:

ceph dashboard sso setup saml2 https://<hostname> <metadata.xml>

Ceph dashboard successfully redirects to our SAML server, but the RelayState of the SAML request is http://<hostname>/auth/saml2/login instead of https://<hostname>/auth/saml2/login.
As a result, SAML login failed with the message:

{"is_authenticated": false, "errors": ["invalid_response"], "reason": "The response was received at http://<hostname>/auth/saml2 instead of https://<hostname>/auth/saml2"}

I have also tried to set up saml2 with hostname http://, but the SAML server (ADFS) doesn't allow us to use http for the login endpoint.

What you expected to happen:

Able to tell Ceph to set the RelayState protocol to HTTPS.

Dockerfile I use to install python3-saml to the container:

FROM ceph/ceph:v15.2.5
RUN dnf install -y python3-xmlsec
RUN yes | pip3 install python3-saml

Environment:
  • OS (e.g. from /etc/os-release): Red Hat Enterprise Linux Atomic Host 7.7.2
  • Kernel (e.g. uname -a): 3.10.0-1062.4.1.el7.x86_64
  • Docker version (e.g. docker version): 1.13.1
  • Ceph version (e.g. ceph -v): 15.2.5
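
The scheme mismatch reported above, as an added example that is not part of the original report and is not Ceph dashboard or python3-saml code: a simplified Python model of a SAML service provider's Destination check behind a TLS-terminating proxy, showing the failure and the effect of honoring X-Forwarded-Proto only from a trusted proxy address. It assumes the proxy sets X-Forwarded-Proto; the hostname, addresses, proxy network and function names are constructed for illustration.

```python
import ipaddress

TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]  # constructed proxy network


def build_request_data(environ, honor_forwarded):
    """Build SAML-toolkit-style request data from a WSGI-like environ."""
    scheme = environ.get("wsgi.url_scheme", "http")
    peer = ipaddress.ip_address(environ["REMOTE_ADDR"])
    if honor_forwarded and any(peer in net for net in TRUSTED_PROXIES):
        # Only a trusted proxy may state the scheme the client really used.
        forwarded = environ.get("HTTP_X_FORWARDED_PROTO", "").strip().lower()
        if forwarded in ("http", "https"):
            scheme = forwarded
    return {
        "https": "on" if scheme == "https" else "off",
        "http_host": environ["HTTP_HOST"],
        "script_name": environ["PATH_INFO"],
    }


def check_destination(request_data, destination):
    """Compare the URL the SP thinks it is served at with the Destination."""
    scheme = "https" if request_data["https"] == "on" else "http"
    current = f"{scheme}://{request_data['http_host']}{request_data['script_name']}"
    if current != destination:
        return False, f"The response was received at {current} instead of {destination}"
    return True, None


def demo():
    destination = "https://dashboard.example.test/auth/saml2"
    via_proxy = {  # constructed: plain HTTP hop from the proxy to the backend
        "wsgi.url_scheme": "http",
        "REMOTE_ADDR": "10.0.0.5",
        "HTTP_HOST": "dashboard.example.test",
        "PATH_INFO": "/auth/saml2",
        "HTTP_X_FORWARDED_PROTO": "https",
    }
    direct = dict(via_proxy, REMOTE_ADDR="203.0.113.9")  # header set by a client
    return {
        "ignored": check_destination(build_request_data(via_proxy, False), destination),
        "honored": check_destination(build_request_data(via_proxy, True), destination),
        "untrusted": check_destination(build_request_data(direct, True), destination),
    }


if __name__ == "__main__":
    print(demo())
```

The "ignored" case reproduces the http/https mismatch from the report, and the "untrusted" case shows why the forwarded header is accepted only from the proxy's own address range.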