立即与支持人员聊天
与支持团队交流

QoreStor 7.1.2 - User Guide

Introducing QoreStor Accessing QoreStor Configuring QoreStor settings
Licensing QoreStor Configuring SAML Configuring an SSL Certificate for your QoreStor System Configuring Active Directory settings Understanding system operation scheduling Configuring share-level security for CIFS shares Configuring Secure Connect Enabling MultiConnect Configuring and using Rapid NFS and Rapid CIFS Configuring and using VTL Configuring and Using Encryption at Rest Configuring and using the Recycle Bin Configuring Cloud Reader Configuring RDA immutability
Managing containers Managing local storage Managing cloud storage Managing replications Managing users Monitoring the QoreStor system Managing QoreStor remotely Support, maintenance, and troubleshooting Security recommendations guide About us

Configuring SAML

SAML 2.0-based authentication is how QoreStor supports single sign-on (SSO) capabilities through an external identity provider (IdP). QoreStor supports only service provider-initiated login. QoreStor SAML configuration is compatible with the following IdPs:

  • Azure AD
  • OneLogin
  • Okta

Accessing the SAML configuration settings in QoreStor

To access the SAML configuration settings in QoreStor

  1. To display the Users configuration page, in the navigation menu, click Users.
  2. Click Configure SAML.
  3. Provide the URLs displayed on the SAML Configuration page to your chosen IdP:
    • Service Provider EntityId. This URL serves as a unique identifier that represents the particular QoreStor server to the IdP.
    • Service Provider MetaData URL. This URL provides an endpoint on the QoreStor Server that QoreStor uses to furnish keys and additional SAML endpoints to the IdP.
    • Service Provider ACS (Assertion Consumer Services) URL. This URL provides an endpoint on the QoreStor Server that the IdP uses to send its authentication response after the IdP has successfully authenticated a user attempting to login to QoreStor. The IdP uses this URL to redirect the user's browser session back to the QoreStor Server to allow authenticated access to the QoreStor Server.
  4. To complete the SAML configuration, obtain the Identity Provider Metadata URL from the IdP and enter it in the text box.

    This URL is required. It contains the URL of the metadata endpoint provided by the IP to furnish keys and additional SAML endpoints to the QoreStor Server.

  5. Click Save.
  6. Restart the QoreStor UI using the following command:

    /opt/qorestor/bin/storage-server-services/ocaui restart

    NOTE:For SAML redirection to succeed, the QoreStor hostname should be resolvable from the Client browser.

    For more information about configuring SAML for QoreStor, see the QoreStor SAML Configuration Guide.

Registering an SSO user with the QoreStor Server

To register an SSO user with the QoreStor Server

  1. To display the Users configuration page, in the navigation menu, click Users.
  2. To display the Add User sidebar, click Add User.
  3. From the Authentication Type drop-down menu, select SAML as the authentication type for the new user.
  4. For User (Email), enter the email address of the user that was configured in the IdP for access to the QoreStor Server.

    The value provided must be of a valid email address format; for example, john.doe@example.com).

  5. From the Roles drop-down menu, select either the Administrator role or Monitor role.
  6. Optionally, enter the following details:
    • Full Name
    • Phone
    • Description
  7. To add the registered user account with the QoreStor Server, click Save.

    The QoreStor UI Login page now includes a SAML Sign In option.

Logging in to the QoreStor UI using SAML

To log in to the QoreStor UI using SAML

  1. From the QoreStor UI Login page, click SAML Sign In.

    The browser redirects you to the configured IdP's login page.

  2. On the IdP login page, enter the required IdP user credentials.
  3. Optionally, if you configured MFA for your account with the IdP, enter the requested second factor token or provide approval through a mobile application.

    After the IdP authenticates the credentials, the browser session redirects to the QoreStor UI. If the authentication was successful, the QoreStor UI login page briefly displays before the browser session redirects to the QoreStor UI Dashboard.

    You are now logged in to the QoreStor Server.

Configuring an SSL Certificate for your QoreStor System

For additional security, you can replace the self-signed, factory-installed certificate with another SSL certificate, for example, with one that is signed by a third-party CA. Once you have obtained your signed certificate and private key, you can install them by using the QoreStor UI or CLI. Only one certificate can be installed on a QoreStor system at any given point in time. The same certificate will be used for HTTPS access to object containers.

Installing an SSL certificate

To install an SSL certificate, complete the following steps:
  1. In the navigation menu, click Dashboard.
  2. In the System Information pane at the bottom, click SSL Certificate.
  3. Click Upload Certificate.
  4. Select the SSL certificate on your system that you want to install.
  5. Click Upload Key and select your private key.
  6. Click Upload.

Configuring Active Directory settings

You can easily join the QoreStor to your Microsoft Active Directory Services (ADS) domain. This topic describes how to configure Active Directory (AD) settings for the QoreStor system, which requires that you direct yourQoreStor system to join or leave a domain that contains a Microsoft Active Directory Service (ADS). Instructions are provided below to join an ADS domain or to leave an ADS domain. When you join QoreStor to an ADS domain, this disables the Network Time Protocol (NTP) service and instead uses the domain-based time service.

To configure QoreStor for a domain using ADS, complete the following steps:

  1. In the left navigation menu, click System > Active Directory.
  2. Click Join Domain.
  3. Enter the following AD logon information:
    • Domain —Enter a fully qualified domain name for the ADS; for example, AD12.acme.com. (This is a required field.)

      NOTE: Supported domain names are limited to 64 characters in length and can only consist of a combination of A-Z, a-z, 0-9, and three special characters: a dash (-), a period (.), and an underscore (_).

    • Organization—Enter a valid organizational name that meets the organization name guidelines for the ADS. (This is an optional field.)
    • Username—Enter a valid user name that meets the user name guidelines for the ADS. (This is a required field.)

      NOTE: Supported user names are limited to 64 characters in length and can only consist of a combination of A-Z, a-z, 0-9, and three special characters: a dash (-), a period (.), and an underscore (_).

    • Password—Enter a valid password that meets the password guidelines for the ADS. (This is a required field.)
  4. Click Join.
  5. To leave a domain, find the domain on the Active Directory page and click Leave Domain.
    1. In the Leave Active Directory pane, enter the username and password for the ADS domain.
    2. Click Leave.
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级