You can enhance the security and flexibility of MKE by implementing a SAML
proxy. With such a proxy, you can lock down your MKE deployment and still
benefit from the use of SAML authentication. The proxy, which sits between MKE
and Identity Providers (IdPs), forwards metadata requests between these two
entities, using designated ports during the configuration process.
To set up a SAML proxy in MKE:
Use the MKE web UI to add a proxy service.
Kubernetes
Log in to the MKE web UI as an administrator.
In the left-side navigation panel, navigate to Kubernetes > Pods and click the
Create button to open the Create Kubernetes Object pane.
In the Namespace dropdown, select default.
In the Object YAML editor, paste the following Deployment object YAML:
Be aware that the log entry can take up to five minutes to register.
Configure the SAML proxy.
MKE web UI
Log in to the MKE web UI as an administrator.
In the left-side navigation panel, navigate to <user-name> > Admin Settings >
Authentication & Authorization to display the Authentication & Authorization
pane.
Toggle the SAML control to enable SAML and expand the SAML settings.
Enable the SAML Proxy setting to reveal the Proxy URL, Proxy Username, and
Proxy Password fields.
Enter the proxy URL, username, and password in these fields and click Save.
CLI
Note
If upgrading from a previous version of MKE, you will need to add the
[auth.samlProxy] section to the MKE configuration file.