Lighthouse Setup
You will need to export an IdP metadata XML file for your Lighthouse application integration from your IdP. If your IdP requires that requests be signed by the Service Provider, you will also need to provide an x509 certificate and private key in .pem format (either exported from your IdP, or created locally and then configured in your IdP).
- Upload your IdP metadata XML (and, if required, the certificate and private key) to your primary Lighthouse, i.e. via scp.
- Use the saml-idp-metadata command to configure each Lighthouse individually. Each Lighthouse is configured with the same or a different metadata XML (and certificate and key).
Note: every command that configures an individual Lighthouse must be run from your primary Lighthouse.
```shell
# Example: Configuring a Multi-Instance Lighthouse for Okta IdP
# List initial lighthouse configurations (i.e. none)
saml-idp-metadata list

# Configure Primary lighthouse
saml-idp-metadata create \
    --metadata metadata.xml \
    --provider okta \
    --lh-id 1

# Configure Secondary lighthouse
saml-idp-metadata create \
    --metadata metadata.xml \
    --provider okta \
    --lh-id 2

# List lighthouse configurations (i.e. both lighthouses configured)
saml-idp-metadata list
```
Specific examples of IdP setups are available. The following show how you could configure the officially supported IdPs; they are based on the generic steps above and on each IdP's configuration options as of 10/2021.