You are viewing an old version (v. 1) of this page.
The latest version is v. 3, last edited on Feb 14, 2021
(view differences
|
)
view page history | view next version >>
view page history | view next version >>
Purpose
This tutorial demonstrates how to set up QuickBuild to authenticate via Azure AD using SAML protocol
Assumptions
- QuickBuild is accessed via https://build.example.com
Steps
- Create an application in Azure AD:
- Assign users/groups to created application
- Open SAML SSO setup page:
- Edit basic SAML configuration, change Identifier as https://build.example.com/saml_, and _Reply URL as _https://build.example.com/sso-login_, and then save the setting:
- Edit user attributes and claims to add group claim:
- Download and save the Idp meta data:
- Login to QuickBuild, navigate to page Administration/Security Setting and select SSO via SAML2 as SSO Provider. Paste content of downloaded metadata from above step into field IdP Metadata
- Run below commands to generate SP private key and self-signed SP certificate:
openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout sp-key.pem -out sp-cert.crt openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in sp-key.pem -out sp-key-pkcs8.pem
Copy content of file sp-key-pkcs8.pem into field SP Private Key, and content of file sp-cert.crt into field SP Cert
- Specify below attributes:
- Email Attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
- Full Name Attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/displayname
- Group Names Attribute: http://schemas.microsoft.com/ws/2008/06/identity/claims/groups
- Email Attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
- Specify a default group if necessary and save the setting
- Navigate to Group Management page and define groups with same name as we've defined in Azure AD, and assign appropriate permissions
- Navigate to page Administration/System Setting, and make sure property Url to Access QuickBuild is specified as _https://build.example.com_
- Now logout and visit _https://build.example.com_ (make sure to visit the url specified in system setting), the sign in page should display a SSO login button
- Click this button and you will be taken to Azure AD for authentication. If authenticated successfully, you will be logged into QuickBuild.
You can still login to QuickBuild with normal user/password without clicking the SSO button