
This is a reference for security configuration in Moogsoft AIOps. You can edit $MOOGSOFT_HOME/config/security.conf to configure security features such as SSL, LDAP and SAML.

SAML Service Provider Properties

You can configure the SAML realm by giving it a name and changing the values of the following properties:

idpMetadataFile: Location of the identity provider's metadata file. The metadata file provides information on how to connect to the IdP. Moogsoft AIOps requires the file to be in .xml format. 

Type: String
Required: Yes
Default: "/usr/share/moogsoft/etc/saml/my_idp_metadata.xml"

spMetadataFile: Location of the service provider's metadata file. Moogsoft AIOps writes the SP metadata information to this file. This location needs to be accessible and editable by the Apache Tomcat user. Moogsoft AIOps requires the file to be in .xml format. If your IdP does not have an SP metadata file generator, you can create one manually. See Build a Service Provider Metadata File for instructions.

Type: String
Required: No
Default: "/usr/share/moogsoft/etc/saml/my_sp_metadata.xml"

defaultRoles: Default roles that Moogsoft AIOps assigns to new users upon first login using SAML. If the user already has a role mapping, Moogsoft AIOps uses that instead.

Type: Array
Required: Yes
Default: [ "Operator" ]

defaultTeams: Default teams that Moogsoft AIOps assigns to new users upon first login using SAML. You can create an empty list if you do not want to assign new users to a team.

Type: Array
Required: No
Default: [ "Cloud DevOps" ]

defaultGroup: Default primary group that Moogsoft AIOps assigns to new users upon first login using SAML.

Type: Array
Required: Yes
Default: [ "End-User" ]

SAML User Mapping Properties

You can configure how to map IdP user fields to existing Moogsoft AIOps users and how to map user fields for new users. All mappings are case sensitive. Each mapping follows the format "MoogsoftAttribute" : "IdPAttribute".

existingUserMappingField: Defines the field that Moogsoft AIOps uses to map existing users to your IdP users. 

Type: String
Required: No
One of: username, email
Default: "username"

username: Defines the IdP's attribute that maps to username in Moogsoft AIOps.

Type: String
Required: Yes
Default: "$Email"

email: Defines the IdP's attribute that maps to email in Moogsoft AIOps.

Type: String
Required: Yes
Default: "$Email"

fullname: Defines the IdP attributes that map to full name in Moogsoft AIOps.

Type: String
Required: Yes
Default: "$FirstName $LastName"

SAML Optional Properties

You can customize your SAML realm with a number of optional properties:

contactNumber: Defines the IdP attribute that maps to contact number in Moogsoft AIOps. 

Type: String
Required: No
Default: "phone"

department: Defines the IdP attribute that maps to department in Moogsoft AIOps.

Type: String
Required: No
Default: "department"

primaryGroup: Defines the IdP attribute that maps to primary group in Moogsoft AIOps.

Type: String
Required: No
Default: "primaryGroup"

timezone: Defines the IdP attribute that maps to timezone in Moogsoft AIOps.

Type: String
Required: No
Default: "timezone"

SAML assignTeams Properties 

teamAttribute: Defines the IdP attribute that maps to teams in Moogsoft AIOps.

Type: String
Required: No
Default: "groups"

teamMap: Defines the IdP attribute or custom attribute that maps to team names in Moogsoft AIOps. 

Type: JSON Object
Required: No
Default: { "IdP Team" : "Moogsoft AIOps Team", "Another IdP Team" : "Another AIOps team" }

createNewTeams: Creates the team or teams if they do not already exist in Moogsoft AIOps. If you leave teamMap empty, the teams adopt their IdP team names.

Type: Boolean
Required: No
Default: false

SAML assignRoles Properties

roleAttribute: Defines the IdP attribute containing role information. 

Type: String
Required: No
Default: "groups"

roleMap: Defines the IdP attribute that maps to Moogsoft AIOps roles. 

Type: JSON Object
Required: No
Default: { "IdP Standard User" : "Operator", "IdP Manager User" : "Manager" }

SAML Security Properties

keystorePassword: Your keystore password. Any whitespace in the name is replaced with an underscore.

Type: String
Required: No
Default: "<my_realm>_secret"

privateKeyPassword: Your private key password. Any whitespace in the name is replaced with an underscore.

Type: String
Required: No
Default: "<my_realm>_secret"

maximumAuthenticationLifetime: Maximum time in seconds for Moogsoft AIOps to receive an IdP's SAML assertion before it becomes invalid. 

Type: Integer
Required: No
Default: 2592000 (720 hours)

serviceProviderEntityId: Service Provider Entity ID assertion number. Some IdPs require this ID.

Type: String
Required: No
Default: "MoogsoftAIOps"
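
The check below is an added example, not part of the Moogsoft documentation: it audits one SAML realm's settings against the properties listed on this page and flags the predictable default secrets and the 30-day default lifetime. It assumes the realm has already been loaded into a flat Python dict (the nesting used in security.conf is not shown here), reads the whitespace rule as applying to the realm name, and uses a hypothetical one-hour review limit for maximumAuthenticationLifetime.

```python
import re

# Required properties and expected types, taken from the reference above.
REQUIRED = {"idpMetadataFile": str, "defaultRoles": list, "defaultGroup": list,
            "username": str, "email": str, "fullname": str}
DEFAULT_LIFETIME = 2592000  # documented default (720 hours)

def default_secret(realm_name):
    # Assumed reading of the reference: whitespace in the realm name
    # becomes "_" and "_secret" is appended.
    return re.sub(r"\s", "_", realm_name) + "_secret"

def audit_saml_realm(realm_name, realm, max_lifetime=3600):
    """Return findings for one realm given as a flat dict (assumed layout).
    max_lifetime is a reviewer-chosen limit in seconds, not a Moogsoft value."""
    findings = []
    for key, typ in REQUIRED.items():
        if key not in realm:
            findings.append(f"missing required property: {key}")
        elif not isinstance(realm[key], typ):
            findings.append(f"{key}: expected {typ.__name__}")
    if realm.get("existingUserMappingField", "username") not in ("username", "email"):
        findings.append("existingUserMappingField: must be username or email")
    predictable = {default_secret(realm_name), "<my_realm>_secret"}
    for key in ("keystorePassword", "privateKeyPassword"):
        # Both are optional; an omitted one takes the documented default.
        if realm.get(key, default_secret(realm_name)) in predictable:
            findings.append(f"{key}: predictable default secret")
    lifetime = realm.get("maximumAuthenticationLifetime", DEFAULT_LIFETIME)
    if lifetime > max_lifetime:
        findings.append(f"maximumAuthenticationLifetime: {lifetime}s > {max_lifetime}s")
    return findings

# Constructed sample realms, not taken from a real deployment.
WEAK = {
    "idpMetadataFile": "/usr/share/moogsoft/etc/saml/my_idp_metadata.xml",
    "defaultRoles": ["Operator"], "defaultGroup": ["End-User"],
    "username": "$Email", "email": "$Email",       # fullname is missing
    "existingUserMappingField": "userid",          # not username or email
    "keystorePassword": "Corp_SSO_secret",         # default for realm "Corp SSO"
}
HARDENED = dict(WEAK, fullname="$FirstName $LastName",
                existingUserMappingField="email",
                keystorePassword="constructed-keystore-passphrase",
                privateKeyPassword="constructed-key-passphrase",
                maximumAuthenticationLifetime=3600)

if __name__ == "__main__":
    for name, realm in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_saml_realm("Corp SSO", realm))
```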
