SingleStore DB

Configuring SAML Global Variables

Before you can authenticate users with SAML, you must configure each SingleStore DB aggregator node’s memsql.cnf file. The default values for three of the variables is OFF:

SHOW VARIABLES LIKE 'saml%';
+-----------------------------------+-------+
| Variable_name                     | Value |
+-----------------------------------+-------+
| saml_assertion_audience           |       |
| saml_message_recipient            |       |
| saml_private_decryption_key       |       |
| saml_require_encryption           | OFF   |
| saml_require_signature_validation | OFF   |
| saml_use_NameID                   | OFF   |
| saml_user_name_attribute          |       |
| saml_x509_certificate             |       |
+-----------------------------------+-------+
8 rows in set (0.00 sec)

To enable SAML authentication, the memsql.cnf file on each master aggregator must specify values for one or more of these variables — you cannot use the SET GLOBAL statement. The values are set on server startup and can only be read afterwards. If you want to modify the configuration, each aggregator node in the cluster must be restarted after any changes have been made.

The settings for each configuration variable depend on the expected structure of an incoming SAML assertion, and a number of configuration combinations are possible.