Created
October 13, 2022 06:46
-
-
Save komazarari/b25ee8cd0bb959c3fab4373e853c0b42 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ~$ sudo -E /opt/perforce/helix-auth-svc/bin/configure-auth-service.sh --allow-root | |
| Perforce client "p4" is required for user provisioning. | |
| Summary of arguments passed: | |
| Service base URL [(not specified)] | |
| OIDC Issuer URI [(not specified)] | |
| OIDC Client ID [(not specified)] | |
| SAML IdP Metadata URL [(not specified)] | |
| SAML IdP SSO URL [(not specified)] | |
| SAML SP Entity ID [(not specified)] | |
| Helix server P4PORT [(not specified)] | |
| Helix super-user [(not specified)] | |
| For a list of other options, type Ctrl-C to exit, and run this script with | |
| the --help option. | |
| You have entered interactive configuration for the service. This script will | |
| ask a series of questions, and use your answers to configure the service for | |
| first time use. Options passed in from the command line or automatically | |
| discovered in the environment are presented as defaults. You may press enter | |
| to accept them, or enter an alternative. | |
| The URL of this service, which must be visible to end users. It must match | |
| the application settings defined in the IdP configuration. The URL must | |
| begin with either http: or https:, and maybe include a port number. If the | |
| URL contains a port number, then the service will listen for connections | |
| on that port. | |
| Example: https://has.example.com:3000/ | |
| Enter the URL for this service: https://my-has-svc.example.com/ | |
| The service can support authentication integration or user provisioning, | |
| as well as both features simultaneously. Please choose which features you | |
| wish to configure from the options below. | |
| 1) Authentication | |
| 2) Provisioning | |
| 3) Both | |
| #? 1 | |
| The service can support both OpenID Connect and SAML 2.0, as well as both | |
| protocols simultaneously. Please choose which protocols you wish to | |
| configure from the options below. | |
| 1) OIDC | |
| 2) SAML | |
| 3) Both | |
| #? 2 | |
| URL of the SAML identity provider metadata configuration in XML format. | |
| This may help to configure several other SAML settings automatically. | |
| If your identity provider does not provide a metadata URL, simply press | |
| Enter and then provide a value for the SSO (single-sign-on) URL at the | |
| next prompt. | |
| Example: https://idp.example.com:8080/saml/metadata | |
| Enter the URL for SAML IdP metadata: https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx | |
| URL of SAML identity provider Single Sign-On service. If the metadata | |
| already contains this value, you do not need to enter one here. | |
| Example: https://idp.example.com/test-app-12345/sso/saml | |
| This value may be used to override the SSO URL in the SAML metadata. | |
| Enter the URL for SAML IdP SSO endpoint: | |
| The SAML entity identifier (entityID) for the Helix Authentication Service. | |
| This value may be defined by the SAML identity provider (e.g. Azure). It is | |
| important that this value matches exactly what is configured in the identity | |
| provider, as it uniquely identifies the service application. | |
| Enter the SAML entity ID for service: https://my-has-svc.example.com/saml | |
| The script is ready to make the configuration changes. | |
| The operations involved are as follows: | |
| * Set SVC_BASE_URI to https://my-has-svc.example.com | |
| * Set SAML_IDP_METADATA_URL to https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx | |
| * Set SAML_SP_ENTITY_ID to https://my-has-svc.example.com/saml | |
| * Set BEARER_TOKEN to keyboard cat | |
| The service will then be restarted. | |
| Do you wish to continue? | |
| 1) Yes | |
| 2) No | |
| #? 1 | |
| ============================================================================== | |
| Automated configuration complete! | |
| What was done: | |
| * The .env configuration file was updated. | |
| * Logging has been configured to write to auth-svc.log in this directory. | |
| * The service was restarted. | |
| What should be done now: | |
| * Provide the BEARER_TOKEN value to the cloud service provider. | |
| The base64-encoded value is ************* | |
| * If not already completed, the server and client certificates should be | |
| replaced with genuine certificates, replacing the self-signed certs. | |
| See the Administration Guide for additional information. | |
| * Visit the service in a browser to verify it is accessible: | |
| https://my-has-svc.example.com | |
| * Consult the admin guide for other settings that may need to be changed | |
| in accordance with the configuration of the identity provider. | |
| * If using Helix Core server, be sure to install and configure the login | |
| extension that interoperates with the service to enable SSO authentication. | |
| * If using Helix ALM, be sure to configure the License Server to connect | |
| with the authentication service for enforcing access controls. | |
| ============================================================================== |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment