New Aruba Orchestrator Integration #12027
Open: jazzyj123 wants to merge 13 commits into goauthentik:main from jazzyj123:main
Commits
129d2b8 Create index.md (jazzyj123)
e154633 Delete website/integrations/services/aruba-orchestrator directory (jazzyj123)
c7fa82b Create index.md (jazzyj123)
3146fdb Update index.md (jazzyj123)
7b24ec8 Update index.md (jazzyj123)
440da1e Added Aruba Orchestrator (jazzyj123)
5446c1e Merge pull request #1 from jazzyj123/jazzyj123-Aruba-Orchestrator-v1 (jazzyj123)
e0ca85a Delete website/integrations/services/Aruba-Orchestrator directory (jazzyj123)
2208b92 Create index.md (jazzyj123)
9b60806 Merge branch 'goauthentik:main' into main (jazzyj123)
4243a33 Update sidebarsIntegrations.js (jazzyj123)
a3dc199 Update index.md (#2) (jazzyj123)
f152fef Added Aruba Orchestrator v3 (#3) (jazzyj123)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,74 @@ | ||
--- | ||
title: Integrate with Aruba Orchestrator | ||
sidebar_label: Aruba Orchestrator | ||
--- | ||
|
||
# Aruba Orchestrator | ||
|
||
<span class="badge badge--secondary">Support level: Community</span> | ||
|
||
## What is Aruba Orchestrator | ||
|
||
> Aruba Orchestrator is a network management platform used to centrally manage, configure, monitor, and automate Aruba network devices and services. It provides tools for network visibility, policy management, and performance monitoring, simplifying the administration of complex and distributed network environments. | ||
> | ||
> -- https://www.hpe.com/us/en/aruba-edgeconnect-sd-wan.html | ||
|
||
## Preparation | ||
|
||
The following placeholders will be used: | ||
|
||
- `arubaorchestrator.company` is the FQDN of the Aruba Orchestrator install. | ||
- `authentik.company` is the FQDN of the authentik install. | ||
- `ssl.certificate` is the name of the SSL certificate used to sign outgoing responses. | ||
|
||
## authentik Configuration | ||
|
||
1. Log in to authentik as an admin, and go to the Admin interface. | ||
2. Create a new SAML Property Mapping under **Customisation** -> **Property Mappings**: | ||
|
||
- **Name**: `Aruba Orchestrator RBAC` | ||
- **SAML Attribute Name**: `sp-roles` | ||
- **Expression**: Use the expression below but amend the group name as desired. | ||
> if ak_is_group_member(request.user, name="authentik Admins"): | ||
> result = "superAdmin" | ||
> return result | ||
- Save settings | ||
|
||
3. Create a new SAML Provider under **Applications** -> **Providers** using the following settings: | ||
- **Name**: Aruba Orchestrator | ||
- **Authentication Flow**: `default-authentication-flow (Welcome to authentik!)` | ||
- **Authorization Flow ID**: `default-provider-authorization-explicit-consent (Authorize Application)` | ||
- Protocol settings: | ||
- - **ACS URL**: `https://arubaorchestrator.company/gms/rest/authentication/saml2/consume` | ||
- - **Issuer**: `https://arubaorchestrator.company/gms/rest/authentication/saml2/consume` | ||
- - **Service Provider Binding**: Post | ||
- Advanced protocol settings: | ||
- - **Signing Certificate**:`ssl.certificate` | ||
- - **Property Mappings**:`default` + `sp-roles` | ||
- Leave everything else as default and save settings | ||
4. Download the signing certificate under **Applications** -> **Providers** -> **Aruba Orchestrator** | ||
5. Create a new application under **Applications** -> **Applications**, pick a name and a slug, and assign the provider that you have just created. | ||
|
||
## Aruba Orchestrator Configuration | ||
|
||
1. Log into the Aruba Orchestrator | ||
2. Create a new Remote Authentication Server under **Orchestrator** -> **Authentication** -> **Add New Server** | ||
- **Type**: `SAML` | ||
- **Name**: `authentik` | ||
- **Username Attribute**: `http://schemas.goauthentik.io/2021/02/saml/username` | ||
- **Issuer URL**: `https://arubaorchestrator.company/gms/rest/authentication/saml2/consume` | ||
- **SSO Endpoint**: `https://authentik.company/application/saml/<slug>/sso/binding/init/` (replace \<slug\> with application slug name) | ||
- **IdP X509 Cert**: (paste in the downloaded signing certificate) | ||
- **ACS URL**: `https://arubaorchestrator.company/gms/rest/authentication/saml2/consume` | ||
- **EdgeConnect SLO Endpoint**: `https://arubaorchestrator.company/gms/rest/authentication/saml2/logout` | ||
- **iDP SLO Endpoint**: (optional) | ||
- **EdgeConnect X.509 Cert SLO**: (optional) | ||
- **Roles Attribute**: `sp-roles` (optional) | ||
- **Appliance Access Group Attribute**: (optional) | ||
- **Default role**: (optional) | ||
|
||
## Verification | ||
|
||
1. Go to `https://arubaorchestrator.company` | ||
2. Click **Log In Using authentik** on the login screen and authorize with authentik. | ||
3. You will be redirected to the home screen of the Aruba Orchestrator. |
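Review bot: In the **Expression** bullet of step 2, the mapping is rendered as a blockquote, so the Python indentation is lost and it is unclear whether `return result` belongs inside the `if`. If it sits outside the `if`, `result` is referenced before assignment for any user who is not in `authentik Admins`, which is exactly the path that should yield no elevated role. Suggest moving the snippet into a fenced code block that preserves indentation and making the non-member path explicit, then stating in the Aruba Orchestrator section which role such a user ends up with, since **Roles Attribute** and **Default role** are both marked optional while the only documented mapping grants `superAdmin`.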
If it's an SSL certificate, it shouldn't be formatted as a domain. If I were you, I would remove this line and refer to the certificate directly in the documentation.