
h1. Purpose

This tutorial demonstrates how to set up QuickBuild to authenticate via Azure AD using the SAML protocol.

h1. Assumptions

# QuickBuild is accessed via https://build.example.com

h1. Steps
# Create an application in Azure AD:
!create-app.png!
# Assign users/groups to the created application:
!assign-users.png!
# Open SAML SSO setup page:
!saml-sso.png!
# Edit the basic SAML configuration: set _Identifier_ to _https://build.example.com/saml_ and _Reply URL_ to _https://build.example.com/sso-login_, then save the setting:
!basic-saml-setting.png!
!basic-saml-setting2.png!
# Edit user attributes and claims to add group claim:
!edit-attributes.png!
!edit-attributes2.png!
# Download and save the IdP metadata:
!download-metadata.png!
# Log in to QuickBuild, navigate to the page _Administration/Security Setting_ and select _SSO via SAML2_ as _SSO Provider_. Paste the content of the metadata downloaded in the previous step into the field _IdP Metadata_.
# Run the commands below to generate the SP private key and a self-signed SP certificate:
{code}
openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout sp-key.pem -out sp-cert.crt
openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in sp-key.pem -out sp-key-pkcs8.pem
{code}
Copy the content of the file _sp-key-pkcs8.pem_ into the field _SP Private Key_, and the content of the file _sp-cert.crt_ into the field _SP Cert_.
# Continue by specifying the fields below in the SAML setting:
#* Email Attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
#* Full Name Attribute: http://schemas.microsoft.com/identity/claims/displayname
#* Group Names Attribute: http://schemas.microsoft.com/ws/2008/06/identity/claims/groups
# Specify a default group if necessary and save the setting.
# Navigate to the _Group Management_ page, define groups with the same names as those defined in Azure AD, and assign appropriate permissions.
# Navigate to the page _Administration/System Setting_ and make sure the property _Url to Access QuickBuild_ is set to _https://build.example.com_.
# Now log out and visit _https://build.example.com_ (make sure to visit the URL specified in the system setting). The sign-in page should display an SSO login button:
!sso-signin.png!
# Click this button and you will be taken to Azure AD for authentication. If authenticated successfully, you will be logged into QuickBuild.
{note}You can still log in to QuickBuild with a normal user/password without clicking the SSO button.{note}
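
The key generation step above produces an unencrypted private key and a certificate that expires after 365 days, and both are pasted by hand into the SAML setting. The script below is an added example, not part of the original tutorial or of QuickBuild: it runs the same two openssl commands non-interactively and then checks that the PKCS#8 key is in the expected form, that it matches the certificate, and that the certificate is not about to expire. The function names, the scratch directory and the certificate CN are assumptions.

```bash
#!/usr/bin/env bash
# Added example: generate the SP key pair non-interactively, then verify it
# before pasting into QuickBuild. Function names and the CN are assumptions.
set -eu

gen_sp_keypair() {            # $1 = output directory, $2 = certificate CN
  local dir=$1 cn=$2
  (
    umask 077                 # key files readable by the current user only
    cd "$dir"
    openssl req -x509 -nodes -days 365 -newkey rsa:4096 -subj "/CN=$cn" \
      -keyout sp-key.pem -out sp-cert.crt
    openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt \
      -in sp-key.pem -out sp-key-pkcs8.pem
  )
}

pubkey_sha256() {             # reads a PEM public key on stdin, prints its digest
  openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

check_sp_keypair() {          # $1 = directory; prints "ok" and returns 0 if usable
  local dir=$1 from_key from_cert
  # 1. The -nocrypt output must be an unencrypted PKCS#8 PEM file
  if [ "$(head -n 1 "$dir/sp-key-pkcs8.pem")" != "-----BEGIN PRIVATE KEY-----" ]; then
    echo "key is not unencrypted PKCS#8"; return 1
  fi
  # 2. The certificate must carry the public half of that private key
  from_key=$(openssl pkey -in "$dir/sp-key-pkcs8.pem" -pubout | pubkey_sha256)
  from_cert=$(openssl x509 -in "$dir/sp-cert.crt" -noout -pubkey | pubkey_sha256)
  if [ "$from_key" != "$from_cert" ]; then
    echo "certificate does not match private key"; return 1
  fi
  # 3. -days 365 means the certificate expires; fail 30 days ahead of that
  if ! openssl x509 -in "$dir/sp-cert.crt" -noout -checkend $((30 * 86400)) >/dev/null; then
    echo "certificate expires within 30 days"; return 1
  fi
  echo "ok"
}

workdir=$(mktemp -d)          # scratch directory for this demonstration
gen_sp_keypair "$workdir" "build.example.com"
check_sp_keypair "$workdir"
```

Because _sp-key-pkcs8.pem_ and _sp-key.pem_ are unencrypted, delete the scratch directory once the values are saved in QuickBuild, or move the files to protected storage.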