SonarQube

miniOrange has developed a better and more robust SAML Single Sign On plugin for SonarQube, the most recommended code analytics platform. SonarQube is one of the most popular code inspection tools and loved by developers and companies all around the world for its simplicity, precision, and verbosity of the analysis. For adding its value, miniOrange's SonarQube SAML Single Sign On plugin brings seamless SSO experience to the SonarQube users

miniOrange has developed a SAML SP module which is not only more flexible but also has a lot more features. We also have overcome, the limitations of the existing SAML plugin.

• Signed Request: The miniOrange's SAML SSO Plugin for SonarQube is capable to send digitally signed requests to the IDP.
• Encrypted Assertion: It's IDP dependent feature, where IDP provides encrypted assertion for security. The plugin is capable to handle an encrypted response.

A list of all features with description is given below. By using such rich-in-features plugin your team can focus on writing and developing better code while we take care of their secure Single Sign On.

SonarQube Single Sign On (SSO) Plugin

SAML Single Sign On (SSO) for SonarQube package acts as a SAML Service Provider which can be configured to establish the trust between the plugin and SAML capable Identity Providers to securely authenticate the user to the SonarQube application.

SAML Single Sign On (SSO) for SonarQube allows users to sign into SonarQube Server with your SAML 2.0 capable Identity Provider. We support all known IDPs - miniOrange, Google Apps, ADFS, Okta, OneLogin, Azure AD, Salesforce, Shibboleth, SimpleSAMLphp, OpenAM, Centrify, PingOne, RSA, Oracle, Bitium, etc.

Features of SonarQube SAML SSO Plugin

.

Feature	Description	Availability
On-the-fly User Creation	Allows to auto-create users in the SonarQube after SSO, if the user is not already present in the SonarQube.	Free
User Profile Mapping	You can easily map your user's profile attributes as per the IDP response.	Free
SSO Binding Types	We have support for HttpRedirect and HttpPost types: HttpRedirect: The SAML Request message is sent as a GET request to IDP when HTTP-Redirect is selected. HttpPost: The SAML Request message is sent as a POST request to IDP when HTTP-Post is selected.	Free
Test Configuration	Using this feature, you can easily verify your configurations and validate the SAML response from the IDP.	Free
Supported IDPs	We have support for 20+ Identity Providers (IDPs) like ADFS, OKTA, Azure AD, OneLogin, and many more. Find setup guides for your Identity Provider here.	Free
Signed Request	We support the signed login request, to be sent to the IDP, which provides an additional security layer in SSO.	Premium
Encrypted Assertion	The plugin seamlessly works with the IDP which supports Encrypted Assertion.	Premium
On-The-Fly Group Mapping	Users will get automatically assigned to the SonarQube groups as per the groups they belong to on the IDP. Just provide Group Attribute name and rest will be handled by the plugin. Group names in the SonarQube required to be the same as group names in the IDP.	Premium
Force Authentication	This feature ensures that user get authenticated at IDP on every SSO, even if the user is having an existing IDP session.	Premium
Auto Redirect to IDP	Auto redirection takes the user to the IDP's login page instead of showing SonarQube's default login page.	Premium
NameID Formats	Allows you to choose NameID format as per your IDP supported format. By default it is set to unspecified.	Premium
Manual Group Mapping	You can easily map your IDP groups with the existing groups in SonarQube.	Premium
Single Logout	We provide the SP initiated single logout feature. It will log out you from both SonarQube as well as your Identity Provider.	Premium
SLO Binding Types	We have provided two binding types for Single Logout operation. HTTP Redirect HTTP Post	Premium
Customize SP Certificates	You can use your own certificates for enabling encryption and signing in your Identity Provider.	Premium
Multiple IDP Support	You can setup SSO with multiple IDPs, so that managing different user groups OR user store becomes more convenient.	Coming Soon
Certificate Rollover	It allows you to enable auto-update of the IDP certificate if your IDP is supporting certificate rollover feature.	Coming Soon
Import IDP Metadata Using File/URL/Text	Import IDP metadata dynamically instead of manually copying them.	Coming Soon
Import & Export Plugin Configurations	Export your configuration in file format, So after upgrading versions or changing platform you can easily import them. Even in case of troubleshooting, share configuration with us, so we could provide proper technical support.	Coming Soon
Customize Login, Logout and Error Template	It allows you to use custom templates for Login, Logout and Error pages.	Coming Soon

Download

Download plugin from below link and follow the given instructions to setup plugin in SonarQube environment.

• SonarQube SAML SSO plugin

Setup Instructions

• Download plugin from above link.
• Locate .../extensions/plugins directory in your SonarQube installation folder.
• Deploy downloaded plugin(.jar) file in .../plugins folder located above.
• Restart SonarQube-Server and login into your admin account to configure plugin.

Guidelines for IDP Configuration

• Find your Identity Provider(IDP) from below list and follow the link for its setup guidelines.

ADFS	Auth0	AuthAnvil
Azure AD	Bitium	CA Identity
Centrify	Google Apps	KeyClock
miniOrange	Okta	OneLogin
OpenAM	Oracle	PingFederation
PingOne	RSA SecureID	SalesForce
Shibboleth2	Shibboleth3	SimpleSAML

If you can't find your IDP in above list, follow the general configuration steps given below.

• Pre-requisite
• Before you configure the plugin, you have to configure Service Provider's details at the IDP side.
• To get SP details, go to Support Page located at Administration >>Configuration >>miniOrange SAML Support within SonarQube Application.
• Once you configured the SP, gather following details from the IDP Metadata.
1. IDP Entity Id
2. Login URL
3. X.509 Certificate






• IDP Configuration
• Provide a name for your IDP (it can be anything that you want).
• Copy the details we gathered from IDP Metadata, i.e. IDP Entity ID, Login URL, X.509 Certificate.
• Paste those details one by one, in corresponding text boxes.




• To check your configuration go to Support Page located at Administration >>Configuration >>miniOrange SAML Support and then click Test Configuration.




• Configure Attribute Mapping
• To map the attributes find required Attribute Names from Test Configuration result.
• Copy and paste them in corresponding mapping field.





• Additional SAML Settings
• Allow Sign Up allows to sign up if the user is not already present in SonarQube.
• Sign Request allows to send digitally signed SSO request to the IDP.
• Login Binding Type allows you to select the type of SSO request method.
• Force Authentication feature forces the user to get authenticated at IDP while doing SSO into the SonarQube, regardless the existing IDP session.
• Force Authentication is IDP dependent feature, i.e. it works with supported IDP only.