Installing the saml-support-service
First, in your helm override file, add saml-support-service
to your list of services specified under moc.services
:
moc:
services:
- sccs
- core
...
- saml-support-service
This should cause the saml support service kubernetes pod to be spun up with the next helm upgrade
command.
Second, you’ll need to configure an ingress for the service and give it a ‘public’ (for your intranet) name so that both MOC and your SAML identity provider can speak to it.
If your kubernetes cluster is running in EKS, this can be done in the helm chart directly:
moc:
albIngresses:
saml-service-ingress:
backendServiceName: saml-support-service
backendServicePort: 8080
host: [your host name]
certARN: [your ssl cert ARN]
In most cases, however, the ingress will need to be manually configured, as each cluster and kubernetes provider are slightly different.
Third, you’ll need to merge in the latest SCCS config files from the latest helm
chart. The latest chart contains the necessary saml-support-service.yaml
file, as well as a ‘ssoadapter’ profile section at the bottom of the application.yaml
file where the specific SAML configuration can be filled out. After updating this configuration you’ll need to restart each of the MOC deployments to pull in the updated security configuration.