From: Dimitris Kavvathas Date: Thu, 15 Sep 2022 15:46:12 +0000 (+0200) Subject: SONAR-17303 Update SAML documentation X-Git-Tag: 9.7.0.61563~210 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=51d9d9dc532bff0fcfcc871dd02a117fba570aa2;p=sonarqube.git SONAR-17303 Update SAML documentation --- diff --git a/server/sonar-docs/src/images/azure/saml-azure-sq-appid.png b/server/sonar-docs/src/images/azure/saml-azure-sq-appid.png index 1794ff2acf9..71c6040bf01 100644 Binary files a/server/sonar-docs/src/images/azure/saml-azure-sq-appid.png and b/server/sonar-docs/src/images/azure/saml-azure-sq-appid.png differ diff --git a/server/sonar-docs/src/images/azure/saml-azure-sq-attributes.png b/server/sonar-docs/src/images/azure/saml-azure-sq-attributes.png index ba9481bf700..37433ca7152 100644 Binary files a/server/sonar-docs/src/images/azure/saml-azure-sq-attributes.png and b/server/sonar-docs/src/images/azure/saml-azure-sq-attributes.png differ diff --git a/server/sonar-docs/src/images/azure/saml-azure-sq-certificate.png b/server/sonar-docs/src/images/azure/saml-azure-sq-certificate.png index 29f4c190128..819a1d1d923 100644 Binary files a/server/sonar-docs/src/images/azure/saml-azure-sq-certificate.png and b/server/sonar-docs/src/images/azure/saml-azure-sq-certificate.png differ diff --git a/server/sonar-docs/src/images/azure/saml-azure-sq-certs.png b/server/sonar-docs/src/images/azure/saml-azure-sq-certs.png index 407bb40e032..6c89d54bc78 100644 Binary files a/server/sonar-docs/src/images/azure/saml-azure-sq-certs.png and b/server/sonar-docs/src/images/azure/saml-azure-sq-certs.png differ diff --git a/server/sonar-docs/src/images/azure/saml-azure-sq-encryption.png b/server/sonar-docs/src/images/azure/saml-azure-sq-encryption.png index 7b5a8885b9d..b7ab8529f5e 100644 Binary files a/server/sonar-docs/src/images/azure/saml-azure-sq-encryption.png and b/server/sonar-docs/src/images/azure/saml-azure-sq-encryption.png differ 
diff --git a/server/sonar-docs/src/images/azure/saml-azure-sq-group-role.png b/server/sonar-docs/src/images/azure/saml-azure-sq-group-role.png index 0178874a050..1445923df1c 100644 Binary files a/server/sonar-docs/src/images/azure/saml-azure-sq-group-role.png and b/server/sonar-docs/src/images/azure/saml-azure-sq-group-role.png differ diff --git a/server/sonar-docs/src/images/azure/saml-azure-sq-groups.png b/server/sonar-docs/src/images/azure/saml-azure-sq-groups.png index c99e3ed8939..c7d7de342b2 100644 Binary files a/server/sonar-docs/src/images/azure/saml-azure-sq-groups.png and b/server/sonar-docs/src/images/azure/saml-azure-sq-groups.png differ diff --git a/server/sonar-docs/src/images/azure/saml-azure-sq-links.png b/server/sonar-docs/src/images/azure/saml-azure-sq-links.png index f38a171b17d..d592a1a9da9 100644 Binary files a/server/sonar-docs/src/images/azure/saml-azure-sq-links.png and b/server/sonar-docs/src/images/azure/saml-azure-sq-links.png differ diff --git a/server/sonar-docs/src/images/azure/saml-azure-sq-saml.png b/server/sonar-docs/src/images/azure/saml-azure-sq-saml.png index dabad676d27..04ae001a8da 100644 Binary files a/server/sonar-docs/src/images/azure/saml-azure-sq-saml.png and b/server/sonar-docs/src/images/azure/saml-azure-sq-saml.png differ diff --git a/server/sonar-docs/src/pages/instance-administration/authentication/saml/overview.md b/server/sonar-docs/src/pages/instance-administration/authentication/saml/overview.md index a12288ea91d..1122f01ad51 100644 --- a/server/sonar-docs/src/pages/instance-administration/authentication/saml/overview.md +++ b/server/sonar-docs/src/pages/instance-administration/authentication/saml/overview.md 
@@ -23,21 +23,25 @@ The SonarQube certificate is optional, but ensures that only SonarQube can use t ## Settings -Property| Description | Default value | Required ----|------------------------------------------------------------------------------------------------------------------------------------|-----------|-------------------------------------------------------------------------- -`sonar.auth.saml.enabled`| Is SAML authentication enabled on SonarQube? | | Yes -`sonar.auth.saml.applicationId`| The ID under which SonarQube is known by the Identity Provider. | sonarqube | Yes -`sonar.auth.saml.providerName`| Name of the Identity Provider displayed in the login page when SAML authentication is active. | SAML | Yes -`sonar.auth.saml.providerId`| The ID of the Identity Provider. | | Yes -`sonar.auth.saml.loginUrl`| The Url where the Identity Provider expect to receive SAML requests. | | Yes -`sonar.auth.saml.certificate.secured`| The public X.509 certificate used by the Identity Provider to authenticate SAML messages. | | Yes -`sonar.auth.saml.user.login`| The name of the attribute where the Identity Provider will put the authenticated user login. | | Yes -`sonar.auth.saml.user.name`| The name of the attribute where the Identity Provider will put the authenticated user name. | | Yes -`sonar.auth.saml.user.email`| The name of the attribute where the Identity Provider will put the authenticated user email. | | No -`sonar.auth.saml.group.name`| The attribute defining the user group in SAML. Users are associated to the default group if this attribute is not defined. | | No -`sonar.auth.saml.signature.enabled`| Is SonarQube expected to sign the SAML requests? If enabled both the service provider private key and certificate must be provided. | | No -`sonar.auth.saml.sp.privateKey.secured`| The PKCS8 private key without password used by SonarQube to sign SAML messages and to decrypt encrypted SAML responses. 
| | Only if SonarQube requests signature or responses encryption is enabled. -`sonar.auth.saml.sp.certificate.secured`| The public key part of the previously provided private key. | | Only if SonarQube requests signature is enabled. +| Property | UI Name | Description | Required | +|------------------------------------------|-------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------| +| `sonar.auth.saml.enabled` | Enabled | Controls whether SAML authentication is enabled on SonarQube. | Yes | +| `sonar.auth.saml.applicationId` | Application ID | The ID under which SonarQube is known to the Identity Provider. | Yes | +| `sonar.auth.saml.providerName` | Provider Name | The name of the Identity Provider displayed in the login page when SAML authentication is active. | Yes | +| `sonar.auth.saml.providerId` | Provider ID | The ID of the Identity Provider. | Yes | +| `sonar.auth.saml.loginUrl` | SAML login url | The URL at which the Identity Provider expects to receive SAML requests. | Yes | +| `sonar.auth.saml.certificate.secured` | Identity provider certificate | The public X.509 certificate used by the Identity Provider to authenticate SAML messages. | Yes | +| `sonar.auth.saml.user.login` | SAML user login attribute | The name of the attribute that the Identity Provider will use to store the authenticated user login. | Yes | +| `sonar.auth.saml.user.name` | SAML user name attribute | The name of the attribute that the Identity Provider will use to store the authenticated user name. | Yes | +| `sonar.auth.saml.user.email` | SAML user email attribute | The name of the attribute that the Identity Provider will use to store the authenticated user email. 
| No | +| `sonar.auth.saml.group.name` | SAML group attribute | The attribute defining the user group in SAML. If this attribute is not defined, users are associated with the default group. | No | +| `sonar.auth.saml.signature.enabled` | Sign requests | Controls whether SonarQube is expected to sign the SAML requests. If enabled, both the service provider's private key and certificate must be provided. | No | +| `sonar.auth.saml.sp.privateKey.secured` | Service provider private key | The PKCS8 private key without password used by SonarQube to sign SAML requests and to decrypt encrypted SAML responses. | This is only required if `sonar.auth.saml.signature.enabled` is set to `true` or the Identity Provider sends encrypted SAML responses. | +| `sonar.auth.saml.sp.certificate.secured` | Service provider certificate | The public key part of the previously provided private key. | This is only required if `sonar.auth.saml.signature.enabled` is set to `true`. | + +### Testing +After all the mandatory settings are filled, the SAML integration with the Identity Provider can be tested by clicking the **Test configuration** button. +A new tab will open with more information regarding the success of the integration, attributes received from the Identity Provider, and any warnings or errors that occur. ## SAML configuration related information and limitations
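Review bot: The rewritten Settings table in overview.md drops the "Default value" column, so the defaults the removed rows documented (`sonarqube` for `sonar.auth.saml.applicationId` and `SAML` for `sonar.auth.saml.providerName`) no longer appear anywhere in the added lines. Both properties are still marked Required: Yes, and an administrator matching the application ID against the Identity Provider needs to know which value applies when the field is left untouched. Suggest keeping a "Default value" column next to "UI Name", or stating the default inside the Description cell of those two rows. A smaller point on the new Testing section: "After all the mandatory settings are filled" does not say whether the conditionally required `sonar.auth.saml.sp.privateKey.secured` and `sonar.auth.saml.sp.certificate.secured` count as mandatory when `sonar.auth.saml.signature.enabled` is `true`; one clause referring back to the Required column would remove the ambiguity.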