This documentation relates to QuickBuild 11.0.x

Single Sign-On with Azure AD (SAML)

Version 2 by Robin Shen
on Feb 14, 2021 08:33.


compared with
Current by Robin Shen
on Feb 14, 2021 09:24.


 


There is 1 change.

 h1. Purpose
  
 This tutorial demonstrates how to set up QuickBuild to authenticate via Azure AD using SAML protocol
  
 h1. Assumptions
  
 # QuickBuild is accessed via https://build.example.com
  
 h1. Steps
 # Create an application in Azure AD:
  !create-app.png!
 # Assign users/groups to created application
  !assign-users.png!
 # Open SAML SSO setup page:
  !saml-sso.png!
 # Edit basic SAML configuration, change _Identifier_ as _https://build.example.com/saml_, and _Reply URL_ as _https://build.example.com/sso-login_, and then save the setting:
  !basic-saml-setting.png!
  !basic-saml-setting2.png!
 # Edit user attributes and claims to add group claim:
  !edit-attributes.png!
  !edit-attributes2.png!
 # Download and save the Idp meta data:
  !download-metadata.png!
 # Login to QuickBuild, navigate to page _Administration/Security Setting_ and select _SSO via SAML2_ as _SSO Provider_. Paste content of downloaded metadata from above step into field _IdP Metadata_
 # Run below commands to generate SP private key and self-signed SP certificate:
 {code}
 openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout sp-key.pem -out sp-cert.crt
 openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in sp-key.pem -out sp-key-pkcs8.pem
 {code}
 Copy content of file _sp-key-pkcs8.pem_ into field _SP Private Key_, and content of file _sp-cert.crt_ into field _SP Cert_
 # Continue to specify below fields in SAML setting:
 #* Email Attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
  #* Full Name Attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/displayname
  #* Full Name Attribute: http://schemas.microsoft.com/identity/claims/displayname
 #* Group Names Attribute: http://schemas.microsoft.com/ws/2008/06/identity/claims/groups
 # Specify a default group if necessary and save the setting
 # Navigate to _Group Management_ page and define groups with same name as we've defined in Azure AD, and assign appropriate permissions
 # Navigate to page _Administration/System Setting_, and make sure property _Url to Access QuickBuild_ is specified as _https://build.example.com_
 # Now logout and visit _https://build.example.com_ (make sure to visit the url specified in system setting), the sign in page should display a SSO login button
 !sso-signin.png!
 # Click this button and you will be taken to Azure AD for authentication. If authenticated successfully, you will be logged into QuickBuild.
 {note}You can still login to QuickBuild with normal user/password without clicking the SSO button{note}
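
Review bot: In the sub-list under "Continue to specify below fields in SAML setting", _Full Name Attribute_ appears twice with two different claim URIs (http://schemas.xmlsoap.org/ws/2005/05/identity/claims/displayname and http://schemas.microsoft.com/identity/claims/displayname), and with the added/removed highlighting not visible a reader cannot tell which value to enter. The step should carry a single value: Azure AD issues the display name claim as http://schemas.microsoft.com/identity/claims/displayname, so that is the one to keep. It would also help to tell the reader to confirm the attribute names against the user attributes and claims edited in the earlier Azure AD step, since a mismatched attribute name leaves the full name unmapped after SSO login.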