
SAML Overview

This plugin allows you to configure a connection with a SAML provider.

Integration with SAML will allow you to log in to ReportPortal using SSO instead of tedious manual user creation.

The plugin provides a mechanism for exchanging information between ReportPortal and the SAML provider, such as the possibility of logging in to ReportPortal with SAML credentials.

User JIT provisioning

Note: If you have a pre-created internal user, you can't log in via SAML using their credentials (email or name).

Just-in-time (JIT) provisioning is a feature that creates a user account in ReportPortal when a user logs in for the first time. This feature is available for SAML integrations.

However, a user cannot be provisioned from the SAML provider to ReportPortal if ReportPortal already has a pre-created internal user with the same email and a different login. The login must be the email name without the domain part. For instance, if the email is john_weak@babayaga.com, the login should be john_weak. Otherwise, the user cannot log in to ReportPortal. You can fix this by changing the login name or email, or by deleting the user from ReportPortal.

SAML provider requirements

Tip: There are detailed manuals for the configuration of Azure SAML and Okta SAML.

  • SAML 2.0 version
  • HTTP-POST Binding
  • URL to download SAML IdP Metadata
  • HTTPS connection for SAML Metadata
  • Support SAML attributes:
    • email
    • first name
    • last name
    • full name (instead of first and last name)

Add integration

ReportPortal contains the SAML Plugin by default.

  1. Go to Administration -> Plugins -> SAML
  2. Select Add integration.

Set up connection

Identity provider configuration

ReportPortal Assertion Consumer Service URL (ACS URL)

You have to provide a URL for a SAML provider to deliver SAML data to the identity federation.

https://<host>/uat/saml/sp/SSO/alias/report-portal-sp

Identifier

Set the identifier (aka Audience Restriction, aka Entity ID) for the application to report.portal.sp.id. When you deploy the authorization service, you can specify your entity ID using the environment variable RP_AUTH_SAML_ENTITYID.

Custom attributes

The IdP app user profile must provide attributes like these:

- user.email
- user.firstName
- user.lastName

Also, make sure a mapping is created that matches the values you use in the ReportPortal SAML plugin, like this:

- user.email -> Email
- user.firstName -> FirstName
- user.lastName -> LastName

Service provider initial URL (SP-Initiated SSO)

Some Identity Providers can request a URL for the initial login page. You can provide the URL to the ReportPortal login page.

https://<host>/ui/#login

ReportPortal configuration

Identity provider name ID (Optional)

Identity provider name ID (aka name identifier formats) controls how the users at identity providers are mapped to users at service providers.

We support the following formats:

  1. UNSPECIFIED - used by default
     urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
  2. EMAIL
     urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

Provider name - Provider name associated with IDP.

Metadata URL - URL that provides data with information about SAML Provider.

Email - Attribute name from SAML metadata which contains a user's email.

<saml:Attribute Name="Email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">neuromancer@cyberspace.net</saml:AttributeValue>
</saml:Attribute>

ReportPortal Callback URL - This field provides a redirect base path.

Once you submit an integration with the "RP callback URL," the URL will be applied to all SAML integrations.

https://<host>/uat

First name - Attribute name from SAML metadata which contains a user's first/given name.

<saml:Attribute Name="FirstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">William</saml:AttributeValue>
</saml:Attribute>

Last name - Attribute name from SAML metadata which contains a user's last/family name.

<saml:Attribute Name="LastName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">Gibson</saml:AttributeValue>
</saml:Attribute>

Full name - Attribute name from SAML metadata which contains a full user name. You can use either two separate attributes for first name and last name or a combined first and last name attribute. This solely depends on your SAML provider.

<saml:Attribute Name="FullName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">William Gibson</saml:AttributeValue>
</saml:Attribute>
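
The following is an added example, not ReportPortal's own code: a pre-flight check that reads the Email attribute configured above from an attribute statement and applies the JIT provisioning rule from the "User JIT provisioning" section (login must be the email without the domain part; an internal user with the same email and a different login blocks provisioning). The sample XML, the internal_users list of dicts and all function names are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample; attribute names follow this page's examples.
SAMPLE = """<saml:AttributeStatement
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <saml:Attribute Name="Email">
    <saml:AttributeValue xsi:type="xs:string">john_weak@babayaga.com</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="FullName">
    <saml:AttributeValue xsi:type="xs:string">John Weak</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""


def read_attributes(xml_text):
    """Map attribute Name -> first value. Input must come from an assertion
    whose signature was already verified; no validation happens here."""
    attrs = {}
    for attr in ET.fromstring(xml_text).iterfind(".//saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        if value is not None and value.text:
            attrs[attr.get("Name")] = value.text.strip()
    return attrs


def expected_login(email):
    """Login the page requires: the email without the domain part."""
    local, sep, domain = email.strip().rpartition("@")
    if not (local and sep and domain):
        raise ValueError(f"not a usable email address: {email!r}")
    return local


def jit_check(attrs, internal_users, email_attr="Email"):
    """Return (login, conflict). conflict is None when JIT provisioning can
    proceed under the rule on this page. Case-insensitive matching is an
    assumption of this example."""
    email = attrs.get(email_attr)
    if not email:
        raise ValueError(f"assertion carries no {email_attr!r} attribute")
    login = expected_login(email)
    for user in internal_users:
        if (user["email"].lower() == email.lower()
                and user["login"].lower() != login.lower()):
            return login, f"internal user {user['login']!r} holds {email}"
    return login, None
```

Running jit_check over an export of internal users before enabling the integration shows which accounts need their login or email changed, or need to be deleted, as described in the JIT section.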