SonarQube

miniOrange has developed a better and more robust SAML Single Sign On plugin for SonarQube, the most recommended code analytics platform. SonarQube is one of the most popular code inspection tools and loved by developers and companies all around the world for its simplicity, precision, and verbosity of the analysis. For adding its value, miniOrange's SonarQube SAML Single Sign On plugin brings seamless SSO experience to the SonarQube users

miniOrange has developed a SAML SP which is not only more flexible but also has a lot more features. We also have overcome, the limitations of the existing SAML plugin.

• Signed Request: The miniOrange's SAML SSO Plugin for SonarQube is capable to send digitally signed requests to IdP and also handle signed responses from the IdP.
• Encrypted Assertion: It's IdP dependant feature, where IdP encrypts the assertion for security. The plugin is capable to handle encrypted response.

A list of all features with description is given below. By using such, rich-in-features, plugin your team can focus on writing and developing better code while we take care of their secure Single Sign On.

SonarQube Single Sign On (SSO) Plugin

SAML Single Sign On (SSO) for SonarQube package acts as a SAML Service Provider which can be configured to establish the trust between the plugin and SAML capable Identity Providers to securely authenticate the user to the SonarQube application.

SAML Single Sign On (SSO) for SonarQube allows users to sign into SonarQube Server with your SAML 2.0 capable Identity Provider. We support all known IdPs - miniOrange, Google Apps, ADFS, Okta, OneLogin, Azure AD, Salesforce, Shibboleth, SimpleSAMLphp, OpenAM, Centrify, PingOne, RSA, Oracle, Bitium, etc.

Features of SonarQube SAML SSO Plugin

Feature	Description	Availability
On-the-fly User Creation	Auto-create users in SonarQube after SSO, if the user is not already present in SonarQube.	Free
SSO Binding Types	We have support for HttpRedirect binding and HttpPost binding types: HttpRedirect: The SAML Request message is sent as a GET request to IdP when HTTP-Redirect is selected. HttpPost: The SAML Request message is sent as a POST request to IdP when HTTP-Post is selected.	Free
Signed Request	We support the signed login request sent to the IdP, which provides an additional security layer.	Free
Encrypted Assertion	Seamlessly works with IdP which supports Encrypted Assertion.	Free
Test Configuration	Using this feature, you can easily validate your SAML response and data.	Free
Force Authentication	User will be forced to re-authenticate with Identity Provider (IdP) when he accesses the SonarQube Instance, irrespective of the SSO session at IdP.	Free
Group Mapping	It will map user's group attributes receiving from IdP with the groups present in SonarQube.	Free
Supported IdPs	We have support for all the Identity Providers (IdPs) like ADFS, OKTA, Azure AD, OneLogin, etc and many more. Find setup guidelines for your IdP below.	Free
Import IdP Metadata Using File/URL/Text	Import IdP metadata dynamically instead of manually copying them.	Premium
Auto Redirect to IdP	Auto redirection takes the user to the IdP's login page instead of showing the default login page.	Premium
Import & Export Plugin Configurations	Export your configuration in file format, So after upgrading versions or changing platform you can easily import them. Even in case of troubleshooting, share configuration with us, so we could provide proper technical support.	Premium
Multiple IdP Support	Configure and use more than one IdP at a time.	Premium
NameID Formats	NameID is a unique identifier of the user. Some IdPs require a specific NameID format for SSO to work properly.	Premium
On-the-fly Group Mapping	The app will assign users to groups or create new groups during SSO. In order to use this method, the Group Attribute field is required.	Premium
Certificate Rollover	In the situation where the IdP Signing certificate is changed on a periodic basis, the plugin can be configured to ping the IdP’s metadata URL at configured time intervals and update the configured Signing Certificate.	Premium
Customize SP Certificates	You can have your own customized Public and Private certificates, which will enhance the security even more.	Premium
Single Logout	We provide the SP Initiated Single Logout feature. It will log out you from both SonarQube as well as your Identity Provider.	Premium
SLO Binding Types	We have provided two binding types for Single Logout operation. HTTP Redirect and HTTP Post.	Premium
Customize Login, Logout and Error Template	These features provide an option to design your own login, logout, and error handling page for the Application.	Premium

Download

Download plugin from below link and follow the given instructions to setup plugin in SonarQube environment.

• SonarQube SAML SSO plugin

Setup Instructions

• Download plugin from above link.
• Locate .../extensions/plugins directory in your SonarQube installation folder.
• Deploy downloaded plugin(.jar) file in .../plugins folder located above.
• Restart SonarQube-Server and login into your admin account to configure plugin.

Guidelines for IdP Configuration

• Find your Identity Provider(IdP) from below list and follow the link for its setup guidelines.

ADFS	Auth0	AuthAnvil
Azure AD	Bitium	CA Identity
Centrify	Google Apps	KeyClock
miniOrange	Okta	OneLogin
OpenAM	Oracle	PingFederation
PingOne	RSA SecureID	SalesForce
Shibboleth2	Shibboleth3	SimpleSAML

If you can't find your IdP in above list, follow the general configuration steps given below.

• Pre-requisite
• Before you configure the plugin, you have to configure Service Provider's details at the IdP side.
• To get SP details, go to Support Page located at Administration >>Configuration >>miniOrange SAML Support within SonarQube Application.
• Once you configured the SP, gather following details from the IdP Metadata.
1. IdP Entity Id
2. Login URL
3. X.509 Certificate






• IdP Configuration
• Provide a name for your IdP (it can be anything that you want).
• Copy the deatils we gathered from IdP Metadata, i.e. IdP Entity ID, Login URL, x.509 Certificate.
• Paste those details one by one, in corresponding textboxes.




• To check your configuration go to Support Page located at Administration >>Configuration >>miniOrange SAML Support and then click Test Configuration.




• Configure Attribute Mapping
• To map the attributes find required Attribute Names from Test Configuration result.
• Copy and paste them in corresponding mapping field.





• Additional SAML Settings
• Allow Sign Up allows to sign up if the user is not already present in SonarQube.
• Sign Request allows to send digitally signed SSO request to the IdP.
• Login Binding Type allows you to select the type of request method.
• Force Authentication feature forces the user to get authenticated each time, with IdP, to avoide misuse of unattended user session.
• Force Authentication is IdP dependant feature, i.e. it works with supported IdP only.