SafeNet Trusted Access for Chef Automate
The application template provides the ability to enable single sign-on for users accessing the Chef Automate application through SafeNet Trusted Access.
The following use cases can be configured for Chef Automate:
• Just-in-Time (JIT) Provisioning
Configuring SafeNet Trusted Access for Chef Automate is a three-step process:
1. Chef Automate setup
2. SafeNet Trusted Access setup
As a prerequisite, download the Identity Provider Signing Certificate from the SafeNet Trusted Access console by clicking the Download X.509 certificate button. You will need this certificate in one of the steps below.
Perform the following steps to configure SafeNet Trusted Access as your identity provider in Chef Automate:
1. Log in to your Chef Automate Linux instance using the root credentials.
2. Go to your home directory and locate the ./chef-automate script.
3. In the home directory, run the following command to create a Chef Automate configuration file, config.toml.
4. Run the following command to open the config file that you created in the previous step:
5. In the config file, under the <dex> tag, search for the <dex.v1.sys.connectors.saml> tag and perform the following steps:
a. In a text editor, open the signing certificate that you downloaded earlier from the SafeNet Trusted Access console and copy the entire text of the certificate.
b. In the ca_contents field, paste the signing certificate text that you copied in the previous step.
c. In the sso_url field, enter the SINGLESIGNONSERVICE URL that is available on the SafeNet Trusted Access console.
You can copy this URL by clicking the Copy to Clipboard icon available next to the SINGLESIGNONSERVICE field.
d. In the email_attr field, enter email.
e. In the username_attr field, enter username.
f. In the entity_issuer field, enter https://<Server Name>/dex/callback, where <Server Name> is the fully qualified domain name that you configured while creating an account in Chef Automate.
g. Save and close the file.
6. Run the following command to update the SAML settings in Chef Automate:
./chef-automate config patch <config.toml file path>
Where, <config.toml file path> is the path of the config file (for example, /home/admin/config.toml).
After completing the first step of configuring SafeNet Trusted Access in Chef Automate, the second step is to activate the Chef Automate application in SafeNet Trusted Access by performing the following steps:
1. In the Applications pane, the Chef Automate application you added earlier is in the inactive state by default. To configure and activate this application, click the application (for example, Chef Automate) and proceed to the next step.
2. Under STA Setup, perform the following steps:
a. In the Server Name field, enter your fully qualified domain name that you configured earlier while creating the Chef Automate account.
b. Click Save Configuration to save the details and activate the Chef Automate application in SafeNet Trusted Access.
Navigate to the Chef Automate login URL, https://<Server Name>, where <Server Name> is the fully qualified domain name that you entered while creating a Chef Automate account.
You will be redirected to your SafeNet Trusted Access sign-in page. Enter your primary directory login information, approve the two-factor authentication, and you should be redirected to your Chef Automate account after authentication.
Navigate to the User Portal URL to log in to the STA User Portal dashboard. On the dashboard, you will see a list of applications to which you have access. Click the Chef Automate application icon. You should be successfully logged in to your Chef Automate account after authentication.
© 2019 SafeNet Trusted Access. Various trademarks are held by their respective owners.