SafeNet Trusted Access for Chef Automate

Overview

The application template provides the ability to enable single sign-on for users accessing the Chef Automate application through SafeNet Trusted Access.

The following use cases can be configured for Chef Automate:

SP-initiated SSO

Just-in-Time (JIT) Provisioning

Configuring SafeNet Trusted Access for Chef Automate is a three-step process:

1. Chef Automate setup

2. SafeNet Trusted Access setup

3. Verify authentication

Chef Automate Setup

As a prerequisite, download the Identity Provider Signing Certificate from the SafeNet Trusted Access console by clicking the Download X.509 certificate button. You will need this certificate in one of the steps below.

Perform the following steps to configure SafeNet Trusted Access as your identity provider in Chef Automate:

1. Log in to your Chef Automate Linux instance using the root credentials.

2. Go to your home directory and locate the ./chef-automate script.

3. In the home directory, run the following command to create a Chef Automate configuration file, config.toml:

./chef-automate init-config

4. Run the following command to open the config file that you created in the previous step:

vi config.toml

5. In the config file, under the <dex> tag, search for the <dex.v1.sys.connectors.saml> tag and perform the following steps:

a. In a text editor, open the signing certificate that you downloaded earlier from the SafeNet Trusted Access console and copy the entire text of the certificate.

b. In the ca_contents field, paste the signing certificate text that you copied in the previous step.

c. In the sso_url field, enter the SINGLESIGNONSERVICE URL that is available on the SafeNet Trusted Access console.

You can copy this URL by clicking the Copy to Clipboard icon available next to the SINGLESIGNONSERVICE field.

d. In the email_attr field, enter email.

e. In the username_attr field, enter username.

f. In the entity_issuer field, enter https://<Server Name>/dex/callback, where <Server Name> is the fully qualified domain name that you configured while creating your account in Chef Automate.

g. Save and close the file.

6. Run the following command to update the SAML settings in Chef Automate:

./chef-automate config patch <config.toml file path>

where <config.toml file path> is the path of the config file (for example, /home/admin/config.toml).
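
The following shell function is an added example, not part of the vendor procedure: it writes the section from step 5 to a file after checking that the download holds exactly one PEM certificate and that the values cannot break the TOML quoting. The function name, the file names and the HTTPS-only check are assumptions of this example, as is the assumption that config patch accepts a file holding only this section.

```shell
#!/bin/sh
# Added example: render_saml_patch and all file names are hypothetical.
# Writes the [dex.v1.sys.connectors.saml] section from step 5 to a file.
render_saml_patch() {
  cert_file=$1; sso_url=$2; server_name=$3; out_file=$4

  [ -r "$cert_file" ] || { echo "cannot read $cert_file" >&2; return 1; }

  # Expect exactly one PEM certificate: the STA signing certificate, nothing else.
  begins=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$cert_file" || true)
  ends=$(grep -c -e '-----END CERTIFICATE-----' "$cert_file" || true)
  if [ "$begins" -ne 1 ] || [ "$ends" -ne 1 ]; then
    echo "$cert_file must hold exactly one PEM certificate" >&2; return 1
  fi

  # Assumption of this example: the SSO endpoint is always HTTPS.
  case $sso_url in
    https://*) ;;
    *) echo "sso_url must start with https://" >&2; return 1 ;;
  esac

  # Reject characters that would break out of a TOML basic string.
  for value in "$sso_url" "$server_name"; do
    case $value in
      *\"*|*\\*|*[[:cntrl:]]*) echo "unsafe character in: $value" >&2; return 1 ;;
    esac
  done

  (
    umask 077   # only the admin applying the patch needs to read the file
    {
      printf '[dex.v1.sys.connectors.saml]\n'
      printf 'ca_contents = """'
      # Normalise CRLF line endings and drop blank lines from the download.
      tr -d '\r' < "$cert_file" | sed '/^[[:space:]]*$/d'
      printf '"""\n'
      printf 'sso_url = "%s"\n' "$sso_url"
      printf 'email_attr = "email"\n'
      printf 'username_attr = "username"\n'
      printf 'entity_issuer = "https://%s/dex/callback"\n' "$server_name"
    } > "$out_file"
  )
}
```

Call it as `render_saml_patch <certificate file> '<SINGLESIGNONSERVICE URL>' '<Server Name>' <output file>`, review the output, then pass the output path to the config patch command in step 6. Running `openssl x509 -in <certificate file> -noout -subject -enddate -fingerprint -sha256` first shows whose certificate you are about to trust and when it expires.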

SafeNet Trusted Access Setup

After completing the first step of configuring SafeNet Trusted Access in Chef Automate, the second step is to activate the Chef Automate application in SafeNet Trusted Access by performing the following steps:

1. In the Applications pane, the Chef Automate application you added earlier is in the inactive state by default. To configure and activate this application, click the application (for example, Chef Automate) and proceed to the next step.

2. Under STA Setup, perform the following steps:

a. In the Server Name field, enter your fully qualified domain name that you configured earlier while creating the Chef Automate account.

b. Click Save Configuration to save the details and activate the Chef Automate application in SafeNet Trusted Access.

Verify Authentication

Using STA Console

Navigate to the Chef Automate login URL, https://<Server Name>, where <Server Name> is the fully qualified domain name that you entered while creating a Chef Automate account.

You will be redirected to your SafeNet Trusted Access sign-in page. Enter your primary directory login information, approve the two-factor authentication, and you should be redirected to your Chef Automate account after authentication.

Using STA User Portal

Navigate to the User Portal URL to log in to the STA User Portal dashboard. On the dashboard, you will see a list of applications to which you have access. Click the Chef Automate application icon. You should be successfully logged in to your Chef Automate account after authentication.

 

© 2019 SafeNet Trusted Access. Various trademarks are held by their respective owners.