miniOrange has developed a better and more robust SAML Single Sign On plugin for SonarQube, the most recommended code analytics platform. SonarQube is one of the most popular code inspection tools and is loved by developers and companies all around the world for the simplicity, precision, and verbosity of its analysis. To add to its value, miniOrange's SonarQube SAML Single Sign On plugin brings a seamless SSO experience to SonarQube users.
miniOrange has developed a SAML SP module which is not only more flexible but also has a lot more features. We have also overcome the limitations of the existing SAML plugin.
- Signed Request: miniOrange's SAML SSO Plugin for SonarQube can send digitally signed requests to the IDP.
- Encrypted Assertion: This is an IDP-dependent feature, where the IDP provides an encrypted assertion for security. The plugin can handle an encrypted response.
A list of all features with descriptions is given below. By using such a feature-rich plugin, your team can focus on writing and developing better code while we take care of their secure Single Sign On.
SonarQube Single Sign On (SSO) Plugin
The SAML Single Sign On (SSO) for SonarQube package acts as a SAML Service Provider that can be configured to establish trust between the plugin and SAML-capable Identity Providers, so that users are securely authenticated to the SonarQube application.
SAML Single Sign On (SSO) for SonarQube allows users to sign into SonarQube Server with your SAML 2.0 capable Identity Provider. We support all known IDPs - miniOrange, Google Apps, ADFS, Okta, OneLogin, Azure AD, Salesforce, Shibboleth, SimpleSAMLphp, OpenAM, Centrify, PingOne, RSA, Oracle, Bitium, etc.
Features of SonarQube SAML SSO Plugin
|On-the-fly User Creation
||Auto-creates users in SonarQube after SSO if the user is not already present in SonarQube.
|User Profile Mapping
||You can easily map your user's profile attributes as per the IDP response.
|SSO Binding Types
||We have support for HttpRedirect and HttpPost types:
- HttpRedirect: The SAML Request message is sent as a GET request to IDP when HTTP-Redirect is selected.
- HttpPost: The SAML Request message is sent as a POST request to IDP when HTTP-Post is selected.
||Using this feature, you can easily verify your configurations and validate the SAML response from the IDP.
||We have support for 20+ Identity Providers (IDPs) like ADFS, OKTA, Azure AD, OneLogin, and many more.
Find setup guides for your Identity Provider here.
||We support sending a signed login request to the IDP, which provides an additional security layer in SSO.
||The plugin works seamlessly with IDPs that support Encrypted Assertion.
|On-The-Fly Group Mapping
||Users are automatically assigned to SonarQube groups according to the groups they belong to on the IDP.
Just provide the Group Attribute name and the rest will be handled by the plugin.
Group names in SonarQube are required to be the same as the group names in the IDP.
||This feature ensures that the user is authenticated at the IDP on every SSO, even if the user has an existing IDP session.
|Auto Redirect to IDP
||Auto redirection takes the user to the IDP's login page instead of showing SonarQube's default login page.
||Allows you to choose a NameID format that your IDP supports. By default it is set to unspecified.
|Manual Group Mapping
||You can easily map your IDP groups to the existing groups in SonarQube.
||We provide the SP-initiated single logout feature. It logs you out of both SonarQube and your Identity Provider.
|SLO Binding Types
||We have provided two binding types for Single Logout operation.
|Customize SP Certificates
||You can use your own certificates for enabling encryption and signing in your Identity Provider.
|Multiple IDP Support
||You can set up SSO with multiple IDPs, so that managing different user groups or user stores becomes more convenient.
||It allows you to enable auto-update of the IDP certificate if your IDP supports the certificate rollover feature.
|Import IDP Metadata Using File/URL/Text
||Import IDP metadata dynamically instead of copying it manually.
|Import & Export Plugin Configurations
||Export your configuration to a file, so that after upgrading versions or changing platform you can easily import it again. When troubleshooting, you can also share the configuration with us so that we can provide proper technical support.
|Customize Login, Logout and Error Template
||It allows you to use custom templates for Login, Logout and Error pages.
Download the plugin from the link below and follow the given instructions to set up the plugin in your SonarQube environment.
- Download the plugin from the link above.
- Locate the .../extensions/plugins directory in your SonarQube installation folder.
- Deploy the downloaded plugin (.jar) file in the .../plugins folder located above.
- Restart the SonarQube server and log in to your admin account to configure the plugin.
Guidelines for IDP Configuration
- Find your Identity Provider (IDP) in the list below and follow the link for its setup guidelines.
If you can't find your IDP in the above list, follow the general configuration steps given below.
- Before you configure the plugin, you have to configure the Service Provider's details on the IDP side.
- To get the SP details, go to the Support Page located at Administration >> Configuration >> miniOrange SAML Support within the SonarQube application.
- Once you have configured the SP, gather the following details from the IDP Metadata.
1. IDP Entity Id
2. Login URL
3. X.509 Certificate
- Provide a name for your IDP (it can be anything that you want).
- Copy the details gathered from the IDP Metadata, i.e. IDP Entity ID, Login URL, X.509 Certificate.
- Paste those details one by one into the corresponding text boxes.
Configure Attribute Mapping
- To check your configuration, go to the Support Page located at Administration >> Configuration >> miniOrange SAML Support and then click Test Configuration.
Additional SAML Settings
- To map the attributes, find the required Attribute Names in the Test Configuration result.
- Copy and paste them into the corresponding mapping fields.
- Allow Sign Up lets a user sign up if the user is not already present in SonarQube.
- Sign Request sends a digitally signed SSO request to the IDP.
- Login Binding Type allows you to select the type of SSO request method.
- Force Authentication forces the user to authenticate at the IDP while doing SSO into SonarQube, regardless of any existing IDP session.
- Force Authentication is an IDP-dependent feature, i.e. it works with supported IDPs only.
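To confirm that the Sign Request, Login Binding Type and Force Authentication settings took effect, the login request captured from the browser can be decoded and inspected. The sketch below is an added example, not miniOrange code, and relies only on the SAML 2.0 binding rules: HTTP-Redirect carries a raw-DEFLATE, base64, URL-encoded SAMLRequest with the signature in the SigAlg and Signature query parameters, while HTTP-POST carries a base64 value with an enveloped ds:Signature element. The request, IDs and URLs are constructed placeholders.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
import zlib

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
DSIG = "http://www.w3.org/2000/09/xmldsig#"

# Constructed AuthnRequest; every ID, host and URL here is a placeholder.
SAMPLE_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" Version="2.0" '
    'IssueInstant="2024-01-01T00:00:00Z" ForceAuthn="true" '
    'Destination="https://idp.example.test/sso/redirect" '
    'AssertionConsumerServiceURL="https://sonarqube.example.test/acs-placeholder">'
    '<saml:Issuer>https://sonarqube.example.test</saml:Issuer>'
    '<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>'
    '</samlp:AuthnRequest>')

def encode_redirect(xml, login_url):
    """HTTP-Redirect: raw DEFLATE, then base64, then URL-encoded into the query string."""
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(xml.encode()) + comp.flush()
    query = urllib.parse.urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return login_url + "?" + query

def encode_post(xml):
    """HTTP-POST: base64 only; the value travels in a hidden form field."""
    return base64.b64encode(xml.encode()).decode()

def inspect_request(saml_request, binding, query=None):
    """Decode a captured SAMLRequest value and report the settings visible in it."""
    raw = base64.b64decode(saml_request)
    if binding == "HTTP-Redirect":
        raw = zlib.decompress(raw, -15)
        present = bool(query) and "Signature" in query and "SigAlg" in query
    else:
        present = None
    root = ET.fromstring(raw)
    if present is None:
        present = root.find(f"{{{DSIG}}}Signature") is not None
    policy = root.find(f"{{{SAMLP}}}NameIDPolicy")
    return {"force_authn": root.get("ForceAuthn") in ("true", "1"),
            "name_id_format": policy.get("Format") if policy is not None else None,
            "signature_present": present,  # presence only; the signature is not verified here
            "destination": root.get("Destination")}

def inspect_redirect_url(url):
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    return inspect_request(query["SAMLRequest"][0], "HTTP-Redirect", query)
```

A request sent with Sign Request disabled reports `signature_present` as false under either binding, which is a quick way to spot a setting that was not saved.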