From 3eeb15ab739dc67d135128142a37b8c75635a8d1 Mon Sep 17 00:00:00 2001 From: Philippe Perrin Date: Tue, 13 Sep 2022 16:43:34 +0200 Subject: [PATCH] SONAR-17230 Improve Okta documentation --- .../authentication/saml/keycloak.md | 2 ++ .../authentication/saml/okta.md | 14 +++++++++++--- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/server/sonar-docs/src/pages/instance-administration/authentication/saml/keycloak.md b/server/sonar-docs/src/pages/instance-administration/authentication/saml/keycloak.md index 58e0b6eea74..4a2070962e3 100644 --- a/server/sonar-docs/src/pages/instance-administration/authentication/saml/keycloak.md +++ b/server/sonar-docs/src/pages/instance-administration/authentication/saml/keycloak.md @@ -5,6 +5,8 @@ url: /instance-administration/authentication/saml/keycloak/ The following content may be useful if you're using Keycloak as a SAML Identity Provider. +To integrate Keycloak (Identity Provider) with SonarQube (Service Provider), both sides need to be configured. + ## Keycloak server configuration Create a new SAML client diff --git a/server/sonar-docs/src/pages/instance-administration/authentication/saml/okta.md b/server/sonar-docs/src/pages/instance-administration/authentication/saml/okta.md index 4b8845ecc77..4e61ab7a19c 100644 --- a/server/sonar-docs/src/pages/instance-administration/authentication/saml/okta.md +++ b/server/sonar-docs/src/pages/instance-administration/authentication/saml/okta.md @@ -6,6 +6,7 @@ url: /instance-administration/authentication/saml/okta/ The following example may be useful if you are using Okta as a SAML Identity Provider. Note that Okta does not support service provider signed requests even if they are enabled on the SonarQube side. +To integrate Okta (Identity Provider) with SonarQube (Service Provider), both sides need to be configured. ## Create a new application in Okta admin dashboard 
@@ -30,6 +31,14 @@ Under *General Settings*, configure the following fields: ![SAML settings](/images/okta/okta-saml-settings.png) +Assertion signature is mandatory. You must keep the following default settings in *Show Advanced Settings*: + +- **Response**: Choose *Signed*. + +- **Assertion Signature**: Choose *Signed*. + +- **Signature Algorithm**: Choose *RSA-SHA256*. + (Optional) If you want to enable assertion encryption, expand *Show Advanced Settings* and configure the following fields: - **Assertion Encryption**: Choose *Encrypted*. @@ -38,7 +47,7 @@ Under *General Settings*, configure the following fields: - **Key Transport Algorithm**: Choose *RSA-OAEP*. -- **Encryption Certificate**: Add the service provider certificate. It should be the same certificate as that found in the SonarQube SAML settings under "Service provider certificate". +- **Encryption Certificate**: Add the service provider certificate. It should be the same certificate as the one found in the SonarQube SAML settings under "Service provider certificate". ![Encryption attributes](/images/okta/okta-encryption-attributes.png) @@ -86,8 +95,7 @@ You can now add users and groups in the *Assignments* tab of the application. ![Assign users](/images/okta/okta-assign-users.png) - -After the application creation, navigate to the **Sign On** tab of the *SonarQube* application in Okta. +Navigate to the **Sign On** tab of the *SonarQube* application in Okta. ![Signon tab](/images/okta/okta-signon.png) -- 2.39.5
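Review bot: In keycloak.md (hunk `@@ -5,6 +5,8`), the Keycloak page receives only the generic "both sides need to be configured" sentence, while okta.md in the same patch gains the statement "Assertion signature is mandatory". If that requirement comes from SonarQube as the Service Provider rather than from Okta, the Keycloak page needs the same statement so that administrators of either IdP see it. If it is Okta-specific, say so in okta.md. The subject line also mentions only Okta, so it is worth noting in the commit message that keycloak.md is touched too.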
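Review bot: In okta.md (hunk `@@ -6,6 +6,7`), the new "To integrate Okta (Identity Provider) with SonarQube (Service Provider) ..." sentence appears to be added as a single line directly under the "Note that Okta does not support service provider signed requests ..." caveat. The hunk grows by one line, whereas the Keycloak hunk adds the sentence plus an empty line. Without a separating blank line, Markdown folds the sentence into the caveat paragraph. Suggest making it its own paragraph, preferably ahead of the caveat, so the signed-request limitation stays visible as a distinct note.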
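Review bot: In okta.md (hunk `@@ -30,6 +31,14`), the lead sentence declares only the assertion signature mandatory, but the list that follows also pins **Response** to *Signed* and **Signature Algorithm** to *RSA-SHA256*, so a reader cannot tell which of the three settings SonarQube actually requires and which are merely Okta defaults. The wording is also inconsistent: the sentence says "keep the following default settings" while each bullet says "Choose", which reads as a change to make. Suggest marking each item as required or default, using "Keep" in the bullets, and adding one sentence on how a login fails when the assertion is not signed, so the misconfiguration is recognizable.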