| h1. Purpose |
| |
| This tutorial demonstrates how to set up QuickBuild to authenticate via Azure AD using the SAML protocol.
| |
| h1. Assumptions |
| |
| # QuickBuild is accessed via https://build.example.com |
| |
| h1. Steps |
| # Create an application in Azure AD: |
| !create-app.png! |
| # Assign users/groups to the created application:
| !assign-users.png! |
| # Open SAML SSO setup page: |
| !saml-sso.png! |
| # Edit the basic SAML configuration: set _Identifier_ to _https://build.example.com/saml_ and _Reply URL_ to _https://build.example.com/sso-login_, then save the setting:
| !basic-saml-setting.png! |
| !basic-saml-setting2.png! |
| # Edit user attributes and claims to add group claim: |
| !edit-attributes.png! |
| !edit-attributes2.png! |
| # Download and save the IdP metadata:
| !download-metadata.png! |
| # Log in to QuickBuild, navigate to the _Administration/Security Setting_ page and select _SSO via SAML2_ as _SSO Provider_. Paste the content of the metadata downloaded in the previous step into the _IdP Metadata_ field
| # Run the commands below to generate the SP private key and a self-signed SP certificate:
| {code} |
| openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout sp-key.pem -out sp-cert.crt |
| openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in sp-key.pem -out sp-key-pkcs8.pem |
| {code} |
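| Copy the content of file _sp-key-pkcs8.pem_ into the _SP Private Key_ field, and the content of file _sp-cert.crt_ into the _SP Cert_ field. Note that both key files are written unencrypted (-nodes, -nocrypt) and that the certificate expires after 365 days (-days 365).
| # Specify the following fields in the SAML setting: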
| #* Email Attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress |
| | #* Full Name Attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/displayname |
| | #* Full Name Attribute: http://schemas.microsoft.com/identity/claims/displayname |
| #* Group Names Attribute: http://schemas.microsoft.com/ws/2008/06/identity/claims/groups |
| # Specify a default group if necessary and save the setting |
| # Navigate to the _Group Management_ page, define groups with the same names as those defined in Azure AD, and assign appropriate permissions
| # Navigate to the _Administration/System Setting_ page, and make sure the property _Url to Access QuickBuild_ is set to _https://build.example.com_
| # Now log out and visit _https://build.example.com_ (make sure to visit the URL specified in the system setting); the sign-in page should display an SSO login button
| !sso-signin.png! |
| # Click this button and you will be taken to Azure AD for authentication. If authenticated successfully, you will be logged into QuickBuild. |
| {note}You can still log in to QuickBuild with a normal user/password without clicking the SSO button{note}
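When SSO login succeeds but the email, full name or groups do not arrive in QuickBuild, compare the attribute names configured above with the ones in the assertion Azure AD sends. The following is an added example, not QuickBuild or Azure AD code: the sample assertion and its values are constructed, the function names are hypothetical, and the Full Name value used is the schemas.microsoft.com one of the two listed above.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Attribute names as entered in the QuickBuild SAML setting (taken from the steps above).
CONFIGURED = {
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "full_name": "http://schemas.microsoft.com/identity/claims/displayname",
    "groups": "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups",
}

# Constructed sample: attribute part of a decoded assertion (user and group values invented).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.microsoft.com/identity/claims/displayname">
      <saml:AttributeValue>Alice Example</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups">
      <saml:AttributeValue>qb-admins</saml:AttributeValue>
      <saml:AttributeValue>qb-developers</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def read_attributes(xml_text):
    """Return {attribute name: [values]}. Inspection only: no signature validation."""
    root = ET.fromstring(xml_text)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        found.setdefault(attr.get("Name"), []).extend(values)
    return found

def check_mapping(xml_text, configured=CONFIGURED):
    """Map each configured field to its values and list fields the assertion lacks."""
    found = read_attributes(xml_text)
    mapped = {field: found[name] for field, name in configured.items() if found.get(name)}
    missing = sorted(field for field in configured if field not in mapped)
    return mapped, missing

if __name__ == "__main__":
    print(check_mapping(SAMPLE))
```

A field reported as missing means the name typed into the SAML setting does not match any attribute name in the assertion exactly.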