SAML provider
If you have a pre-created Internal user, you can't log in by SAML using their credentials (Email or Name).
This plugin allows you to configure a connection with a SAML provider.
Integration with SAML will allow you to login into ReportPortal using SSO instead of tedious manual user creation.
The plugin provides a mechanism to exchange information between ReportPortal and SAML provider, such as the possibility to login to ReportPortal with SAML credentials.
SAML provider requirements
- SAML 2.0 version
- HTTP-POST Binding
- URL to download SAML IdP Metadata
- HTTPS connection for SAML Metadata
- Support SAML attributes:
- first name
- last name
- full name (instead first and last name)
There are detailed manuals for configuration of Azure SAML and Okta SAML.
Add integration
ReportPortal contains the SAML Plugin by default.
- Go to
Administration
->Plugins
->SAML
- Select
Add integration
.
Set up connection
Identity provider configuration
ReportPortal SSO initial URL
You need to provide a URL for a SAML Provider to deliver SAML data for the identity federation.
https://<host>/uat/saml/sp/SSO/alias/report-portal-sp
Identifier
Set up identifier (aka Audience Restriction, aka Entity ID) for application as report.portal.sp.id
.
You can specify personal Entity id when you deploy the Authorization service by environment variable RP_AUTH_SAML_ENTITYID
.
Custom attribute as claims in token
The IDp app user profile must provide attributes like this:
- user.email
- user.firstName
- user.lastName
Also, Make sure there is a mapping created according to the values that you use in the ReportPortal SAML plugin like this:
- user.email -> Email
- user.firstName -> FirstName
- user.lastName -> LastName
ReportPortal configuration
Identity provider name ID (Optional)
Identity provider name ID (aka name identifier formats) controls how the users at identity providers are mapped to users at service providers.
We support next formats:
UNSPECIFIED - used by default
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
PERSISTENT
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
Provider name - Provider name associated with IDP.
Metadata URL - URL that provides data with information about SAML Provider.
Email - Attribute name from SAML metadata which contains an user email.
<saml:Attribute Name="Email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">neuromancer@cyberspace.net</saml:AttributeValue>
</saml:Attribute>
ReportPortal Callback URL (Optional) - This field provides a redirect base path.
Once you have submitted an integration with “RP callback URL”, the URL will be applied to all SAML integrations.
https://<host>/uat
First name - Attribute name from SAML metadata which contains an user first/given name.
<saml:Attribute Name="FirstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">William</saml:AttributeValue>
</saml:Attribute>
Last name - Attribute name from SAML metadata which contains an user last/family name.
<saml:Attribute Name="LastName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">Gibson</saml:AttributeValue>
</saml:Attribute>
Full name - Attribute name from SAML metadata which contains a full user name. You can use either two separate attributes for first name and last name or a combined first and last name attribute. This solely depends on your SAML provider.
<saml:Attribute Name="FullName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">William Gibson</saml:AttributeValue>
</saml:Attribute>