
h1. Purpose

This tutorial demonstrates how to set up QuickBuild to authenticate via Azure AD using the SAML protocol.

h1. Assumptions

# QuickBuild is accessed via

h1. Steps
# Create an application in Azure AD:
# Assign users/groups to created application
# Open SAML SSO setup page:
# Edit basic SAML configuration, change _Identifier_ as _, and _Reply URL_ as _, and then save the setting:
# Edit user attributes and claims to add group claim:
# Download and save the IdP metadata:
# Log in to QuickBuild, navigate to the page _Administration/Security Setting_ and select _SSO via SAML2_ as _SSO Provider_. Paste the content of the metadata downloaded in the previous step into the field _IdP Metadata_
# Run the commands below to generate the SP private key and a self-signed SP certificate:
{code}
openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout sp-key.pem -out sp-cert.crt
openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in sp-key.pem -out sp-key-pkcs8.pem
{code}
Copy the content of the file _sp-key-pkcs8.pem_ into the field _SP Private Key_, and the content of the file _sp-cert.crt_ into the field _SP Cert_
# Continue by specifying the fields below in the SAML setting:
#* Email Attribute:
#* Full Name Attribute:
#* Group Names Attribute:
# Specify a default group if necessary and save the setting
# Navigate to the _Group Management_ page, define groups with the same names as those defined in Azure AD, and assign appropriate permissions
# Navigate to the page _Administration/System Setting_, and make sure the property _Url to Access QuickBuild_ is specified as _https://build.example.com_
# Now log out and visit _https://build.example.com_ (make sure to visit the URL specified in the system setting); the sign-in page should display an SSO login button
# Click this button and you will be taken to Azure AD for authentication. If authenticated successfully, you will be logged into QuickBuild.
{note}You can still log in to QuickBuild with a normal user/password without clicking the SSO button{note}
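
An added example (not part of the original tutorial or of QuickBuild's own tooling) that wraps the two openssl commands from the key-generation step and checks the result before it is pasted into the _SP Private Key_ and _SP Cert_ fields: the key is unencrypted PKCS#8, it matches the certificate, and the certificate is not about to expire. The function names, the {{-subj}} value and the 30-day threshold are assumptions.

```shell
#!/bin/sh
# Added example, not QuickBuild code. Function names, the default CN and the
# 30-day expiry threshold are assumptions made for illustration.

# make_sp_material DIR [BITS] [CN]
# Runs the tutorial's two openssl commands non-interactively (-subj avoids the
# prompts) and writes sp-key.pem, sp-cert.crt and sp-key-pkcs8.pem into DIR.
make_sp_material() {
    dir=$1; bits=${2:-4096}; cn=${3:-build.example.com}
    (
        umask 077   # key files must not be readable by group or others
        openssl req -x509 -nodes -days 365 -newkey "rsa:$bits" -subj "/CN=$cn" \
            -keyout "$dir/sp-key.pem" -out "$dir/sp-cert.crt" 2>/dev/null &&
        openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt \
            -in "$dir/sp-key.pem" -out "$dir/sp-key-pkcs8.pem"
    )
}

# check_sp_material KEY CERT [MIN_DAYS]
# Return codes: 0 = usable, 1 = key is not unencrypted PKCS#8 PEM,
#               2 = key and certificate do not belong together,
#               3 = certificate expires within MIN_DAYS (default 30).
check_sp_material() {
    key=$1; cert=$2; min_days=${3:-30}

    # An unencrypted PKCS#8 PEM file (pkcs8 -topk8 -nocrypt) starts with this
    # header; "RSA PRIVATE KEY" or "ENCRYPTED PRIVATE KEY" means a different format.
    [ "$(head -n 1 "$key")" = "-----BEGIN PRIVATE KEY-----" ] || return 1

    # Compare the public key derived from the private key with the one
    # embedded in the certificate.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$cert_pub" ] || return 2

    # The tutorial's certificate is valid for 365 days; flag it before it lapses.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null || return 3
    return 0
}
```

Typical use is {{make_sp_material . && check_sp_material sp-key-pkcs8.pem sp-cert.crt}}; re-running only the check later with a larger MIN_DAYS gives early notice that the 365-day certificate needs to be regenerated.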