miniOrange has developed a better and more robust SAML Single Sign On plugin for SonarQube, the most recommended code analytics platform. SonarQube is one of the most popular code inspection tools, loved by developers and companies all around the world for the simplicity, precision, and verbosity of its analysis. To add to that value, miniOrange's SonarQube SAML Single Sign On plugin brings a seamless SSO experience to SonarQube users.
miniOrange has developed a SAML SP which is not only more flexible but also has many more features. We have also overcome the limitations of the existing SAML plugin.
- Signed Request: The miniOrange SAML SSO Plugin for SonarQube can send digitally signed requests to the IdP and can also handle signed responses from the IdP.
- Encrypted Assertion: This is an IdP-dependent feature, where the IdP encrypts the assertion for security. The plugin can handle encrypted responses.
A list of all features with descriptions is given below. With such a feature-rich plugin, your team can focus on writing and developing better code while we take care of their secure Single Sign On.
SonarQube Single Sign On (SSO) Plugin
The SAML Single Sign On (SSO) for SonarQube package acts as a SAML Service Provider which can be configured to establish trust between the plugin and SAML-capable Identity Providers to securely authenticate the user to the SonarQube application.
SAML Single Sign On (SSO) for SonarQube allows users to sign into SonarQube Server with your SAML 2.0 capable Identity Provider. We support all known IdPs - miniOrange, Google Apps, ADFS, Okta, OneLogin, Azure AD, Salesforce, Shibboleth, SimpleSAMLphp, OpenAM, Centrify, PingOne, RSA, Oracle, Bitium, etc.
Features of SonarQube SAML SSO Plugin
|On-the-fly User Creation
||Auto-create users in SonarQube after SSO, if the user is not already present in SonarQube.
|SSO Binding Types
||We have support for HttpRedirect binding and HttpPost binding types:
- HttpRedirect: The SAML Request message is sent as a GET request to the IdP when HTTP-Redirect is selected.
- HttpPost: The SAML Request message is sent as a POST request to the IdP when HTTP-Post is selected.
||We support sending signed login requests to the IdP, which provides an additional security layer.
||Works seamlessly with IdPs which support Encrypted Assertion.
||Using this feature, you can easily validate your SAML response and data.
||The user will be forced to re-authenticate with the Identity Provider (IdP) when they access the SonarQube instance, irrespective of the SSO session at the IdP.
||It will map the user's group attributes received from the IdP to the groups present in SonarQube.
||We have support for all Identity Providers (IdPs), such as ADFS, Okta, Azure AD, OneLogin and many more.
Find setup guidelines for your IdP below.
|Import IdP Metadata Using File/URL/Text
||Import IdP metadata dynamically instead of manually copying them.
|Auto Redirect to IdP
||Auto redirection takes the user to the IdP's login page instead of showing the default login page.
|Import & Export Plugin Configurations
||Export your configuration in file format, so that after upgrading versions or changing platform you can easily import it. For troubleshooting, you can also share the configuration with us so that we can provide proper technical support.
|Multiple IdP Support
||Configure and use more than one IdP at a time.
||NameID is a unique identifier of the user. Some IdPs require a specific NameID format for SSO to work properly.
|On-the-fly Group Mapping
||The app will assign users to groups or create new groups during SSO. In order to use this method, the Group Attribute field is required.
||In the situation where the IdP Signing certificate is changed on a periodic basis, the plugin can be configured to ping the IdP’s metadata URL at configured time intervals and update the configured Signing Certificate.
|Customize SP Certificates
||You can have your own customized Public and Private certificates, which will enhance the security even more.
||We provide the SP-Initiated Single Logout feature. It will log you out from both SonarQube and your Identity Provider.
|SLO Binding Types
||We have provided two binding types for the Single Logout operation: HTTP Redirect and HTTP Post.
|Customize Login, Logout and Error Template
||These features provide an option to design your own login, logout, and error handling page for the Application.
Download the plugin from the link below and follow the given instructions to set up the plugin in your SonarQube environment.
- Download the plugin from the above link.
- Locate the .../extensions/plugins directory in your SonarQube installation folder.
- Deploy the downloaded plugin (.jar) file in the .../plugins folder located above.
- Restart the SonarQube server and log in to your admin account to configure the plugin.
Guidelines for IdP Configuration
- Find your Identity Provider (IdP) in the list below and follow the link for its setup guidelines.
If you can't find your IdP in the above list, follow the general configuration steps given below.
- Before you configure the plugin, you have to configure the Service Provider's details on the IdP side.
- To get the SP details, go to the Support Page located at Administration >> Configuration >> miniOrange SAML Support within the SonarQube application.
- Once you have configured the SP, gather the following details from the IdP Metadata.
1. IdP Entity Id
2. Login URL
3. X.509 Certificate
- Provide a name for your IdP (it can be anything that you want).
- Copy the details we gathered from the IdP Metadata, i.e. IdP Entity ID, Login URL, X.509 Certificate.
- Paste those details one by one in the corresponding textboxes.
Configure Attribute Mapping
- To check your configuration, go to the Support Page located at Administration >> Configuration >> miniOrange SAML Support and then click Test Configuration.
Additional SAML Settings
- To map the attributes, find the required Attribute Names in the Test Configuration result.
- Copy and paste them into the corresponding mapping fields.
- Allow Sign Up lets a user sign up if the user is not already present in SonarQube.
- Sign Request sends a digitally signed SSO request to the IdP.
- Login Binding Type allows you to select the type of request method.
- The Force Authentication feature forces the user to authenticate with the IdP each time, to avoid misuse of an unattended user session.
- Force Authentication is an IdP-dependent feature, i.e. it works with supported IdPs only.
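To confirm that the Login Binding Type, Force Authentication and Sign Request settings actually take effect, decode the `SAMLRequest` parameter from a captured login redirect and inspect it. This is an added example, not the plugin's code: the function names, the request ID and the `example.test` URLs are constructed, and the builder produces an unsigned request only so the decoder has realistic input.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

def build_redirect_url(login_url, sp_entity_id, request_id, issue_instant, force_authn):
    """Encode an unsigned AuthnRequest for the HTTP-Redirect binding (a GET to the IdP)."""
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": request_id, "Version": "2.0", "IssueInstant": issue_instant,
        "Destination": login_url,
        "ForceAuthn": "true" if force_authn else "false"})
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = sp_entity_id
    # HTTP-Redirect: raw DEFLATE (wbits=-15, no zlib header), then base64, then URL-encode.
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = deflater.compress(ET.tostring(req)) + deflater.flush()
    return login_url + "?" + urlencode({"SAMLRequest": base64.b64encode(raw).decode()})

def inspect_redirect(url, max_xml_bytes=65536):
    """Decode a captured redirect URL and report the security-relevant request fields."""
    query = parse_qs(urlparse(url).query)
    raw = base64.b64decode(query["SAMLRequest"][0], validate=True)
    xml = zlib.decompressobj(-15).decompress(raw, max_xml_bytes)  # cap inflated size
    root = ET.fromstring(xml)
    return {
        "id": root.get("ID"),
        "issuer": root.findtext(f"{{{SAML}}}Issuer"),
        "destination": root.get("Destination"),
        "force_authn": root.get("ForceAuthn") in ("true", "1"),
        # With this binding the signature travels as query parameters, not inside the XML.
        "signed": "SigAlg" in query and "Signature" in query,
    }
```

With Sign Request enabled and HTTP-Redirect selected, a real capture should show `signed` as true; with HTTP-Post the request arrives in a form field instead and is base64-encoded without the DEFLATE step.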