UNCLASSIFIED

Commit 8a817fd8 authored by thomas.burton

more README edits

parent e7af80c7
# Twistlock # Twistlock
## This should not go into production with license and token ## Licensing is required for this applicaiton.
## Twistlock under DSOP ## Twistlock under DSOP
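Review bot: the new heading in this README drops the warning that the license and token must not go into production with the repo, and it has a typo ("applicaiton"), while the same commit changes the other README's heading to "Licensing information should not be in this repo". The two headings should say the same thing, and the warning is the part worth keeping: a license key or API token committed to a GitOps repo is an exposed secret, so keep wording such as "Licensing is required for this application; the license and token must not be committed to this repo" and supply them at deploy time instead.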
...@@ -9,13 +9,14 @@ The Twistlock Platform provides vulnerability management and compliance across t ...@@ -9,13 +9,14 @@ The Twistlock Platform provides vulnerability management and compliance across t
This installation follows the Twistlock documented guidance. Twistlock documentation can be found at: This installation follows the Twistlock documented guidance. Twistlock documentation can be found at:
<https://docs.paloaltonetworks.com/prisma/prisma-cloud/20-04/prisma-cloud-compute-edition-admin/welcome.html> <https://docs.paloaltonetworks.com/prisma/prisma-cloud/20-04/prisma-cloud-compute-edition-admin/welcome.html>
The Twistlock Console is deployed as a part of the gitops. Once deployed the process of setting up daemonsets is currently a manual process. For this installation the following information is needed:
The Twistlock Console is deployed as a part of the gitops. Once deployed the process of setting up daemonsets is currently a manual process. In order to install the following is required:
### Prerequisites ### Prerequisites
* Kubernetes cluster deployed * Kubernetes cluster deployed
* Kubernetes config installed in `~/.kube/config` * Kubernetes config installed in `~/.kube/config`
* Elasticsearch and Kibana deployed to Kubernetes namespace * Elasticsearch, Keycloak and Kibana deployed and accessable.
Install kubectl Install kubectl
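Review bot: the new prerequisite line has a typo ("accessable" should be "accessible"), and by dropping "to Kubernetes namespace" it no longer says from where Elasticsearch, Keycloak and Kibana must be reachable; state that they must be reachable from the namespace the Console runs in, since that is what the later SAML and logging steps depend on. The reworded intro also needs a comma: "In order to install, the following is required:".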
...@@ -186,8 +187,15 @@ fi ...@@ -186,8 +187,15 @@ fi
## Integrating with SAML ## Integrating with SAML
Integrating Prisma Cloud with SAML consists of setting up your IdP, then configuring Prisma Cloud to integrate with it. for keycloak integration we will use use ADFS as the IdP. Integrating Prisma Cloud with SAML consists of setting up your IdP, then configuring Prisma Cloud to integrate with it. for keycloak integration we will use use ADFS as the IdP.
The following information is required to setup up Prisma Cloud in Keycloak:
Setting up Prisma Cloud in Keycloak * The SSO_URI will be the keycloak SAML URI
SSO_URL=https://keycloak.fences.dsop.io/auth/realms/your-realm/protocol/saml
* The issuer URL
ISSUER_URL=https://keycloak.fences.dsop.io/auth/realms/your-realm
* The Client ID. THis is the name of the client in keycloak. For SAML you will need the x509 certificate for this Client
CLIENT_ID=il2_twistlock (or whatever your client name)
* X590 certificate from the keycloak client install download To imput this into twistlock by teh web page or by the api, be aware teh pem format is strictly enforced. If you are having issues, test the certificate using opensource tools. Ensure there are 3 lines in the cert; BEGIN/CRLF/Cert/CRLF/END
X_509_CERT="just the certificate"
1. Follow the keycloak instructions under docs/keycloak named `configure-keycloak.md` 1. Follow the keycloak instructions under docs/keycloak named `configure-keycloak.md`
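Review bot: the unchanged intro sentence still says "for keycloak integration we will use use ADFS as the IdP", which contradicts the new variables that all point at Keycloak (`SSO_URL=https://keycloak.fences.dsop.io/auth/realms/your-realm/protocol/saml`); fix it to say Keycloak is the IdP and drop the doubled "use". In the new lines, the bullet names `SSO_URI` but the variable is `SSO_URL`; "X590" should be "X.509"; and `X_509_CERT="just the certificate"` is at odds with "Ensure there are 3 lines in the cert; BEGIN/CRLF/Cert/CRLF/END", so spell out exactly which form Twistlock accepts (with or without the BEGIN/END lines, base64 body on one line or wrapped, CRLF or LF). "test the certificate using opensource tools" should name the check, e.g. `openssl x509 -in client-cert.pem -noout -subject -dates`, so the reader can confirm the PEM parses before pasting it. Also "THis", "imput" and "teh" need fixing.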
...@@ -232,6 +240,6 @@ Setting up Prisma Cloud in Keycloak ...@@ -232,6 +240,6 @@ Setting up Prisma Cloud in Keycloak
*note: when SAML is added, the twistlock console will default to keycloak. If you need to bypass the saml auth process add "#!/login" the the end of the root url.* *note: when SAML is added, the twistlock console will default to keycloak. If you need to bypass the saml auth process add "#!/login" the the end of the root url.*
6. Create a twistlock user using the same name as in step 6. Create a twistlock user using the same name as in step 8 of keycloak setup.
7. There should be a "SAML box to select. If this selection is not visible, go to a different tab, then return to users. 7. There should be a "SAML box to select. If this selection is not visible, go to a different tab, then return to users.
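Review bot: the `#!/login` note means local Twistlock accounts stay usable after SAML is turned on, so this is the place to repeat the requirement from the other README in this commit that the bootstrap admin password be changed to a complex one or the account removed once Keycloak is integrated; otherwise the bypass is a weak-credential back door around SSO. Step 7 is also missing its closing quote in `"SAML box`.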
# Twistlock # Twistlock
## Licensing informaiton should not be in this repo ## Licensing information should not be in this repo
## Twistlock under DSOP ## Twistlock under DSOP
...@@ -86,11 +86,11 @@ if ! curl -k \ ...@@ -86,11 +86,11 @@ if ! curl -k \
exit 1 exit 1
fi fi
``` ```
Notes: curl has some difficulties with special charicters. During the initial setup using a password without special cahricters is recommended. This password needs to be changed to a complex password or the account removed when keycloak is integrated. Notes: curl has some difficulties with special characters. During the initial setup using a password without special characters is recommended. This password needs to be changed to a complex password or the account removed when keycloak is integrated.
#### Install Defender with Twistcli #### Install Defender with Twistcli
Defender can be installde from console, script or by command line. The twistlock CLI is provided as a part of the installation. This can be found in the Manage/System/Download. After download ensure the file is made executable. Defender can be installed from console, script or by command line. The twistlock CLI is provided as a part of the installation. This can be found in the Manage/System/Download. After download ensure the file is made executable.
``` ```
$ chmod +x twistcli $ chmod +x twistcli
``` ```
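Review bot: the `curl -k` visible at the top of this hunk disables TLS certificate verification on the call that creates the initial admin account, so that credential is sent over an unverified channel; pass the Console's CA with `--cacert` instead of `-k`. The note that "curl has some difficulties with special characters" is really a shell-quoting problem, not a curl one: single-quote the value or supply it via `--data-urlencode` or a curl config file (`-K`) rather than recommending a password without special characters for setup. The typo fixes in this hunk are fine.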
...@@ -285,6 +285,4 @@ Setting up Prisma Cloud in Keycloak ...@@ -285,6 +285,4 @@ Setting up Prisma Cloud in Keycloak
6. Create a twistlock user using the same name as in step 6. Create a twistlock user using the same name as in step
7. There should be a "SAML box to select. If this selection is not visible, go to a different tab, then return to users. 7. There should be a "SAML box to select. If this selection is not visible, go to a different tab, then return to users.
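Review bot: this copy of the README still ends step 6 with the dangling "same name as in step", whereas the other README in this commit was fixed to "step 8 of keycloak setup"; apply the same fix here, and the missing closing quote in `"SAML box` as well. Since the two READMEs have already diverged in this commit (different headings, one fixed reference), consider keeping a single copy and linking to it from the other location.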