# Okta as Gerrit SAML authentication provider

- Create a new SAML 2.0 application.
- Set the following parameters:
  - Single sign on URL: http://gerrit.site.com/plugins/saml/callback?client_name=SAML2Client
  - Check "Use this for Recipient URL and Destination URL".
  - Audience URI (SP Entity Id): http://gerrit.site.com/plugins/saml/callback
- The attributes in the assertion must be set up so that the IdP sends the
  right information. Here is how to do it with Okta:
  - Application username: "Okta username prefix"
  - Add attribute statement: Name: "DisplayName" with Value "user.displayName"
  - Add attribute statement: Name: "EmailAddress" with Value "user.email"
  - **IMPORTANT**: If you are not using Okta, you need to set up an attribute
    "UserName" whose value is the username (a login name, not an email address,
    so without the "@"). If you do not do so, the name will be taken from the
    NameId provided by the assertion. This is why in Okta we set the application
    username to "Okta username prefix".
- Obtain your IdP metadata (either a URL or a local XML file).
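To see how the attribute statements above and the UserName/NameId fallback play out, here is an added example (not code from the Gerrit SAML plugin) that parses a constructed SAML 2.0 assertion, checks that its Audience matches the SP Entity Id configured above, and resolves username, display name and email the way this page describes. Signature verification, which a real SP must do before trusting any of these values, is out of scope here; the sample assertion, `parse_assertion` and `resolve_user` are all assumptions of this example.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP_ENTITY_ID = "http://gerrit.site.com/plugins/saml/callback"  # Audience URI from above

# Constructed sample assertion (not a real Okta response). Attribute names
# match the statements this page tells you to configure in the IdP.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>jdoe@example.com</saml:NameID></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>http://gerrit.site.com/plugins/saml/callback</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="DisplayName"><saml:AttributeValue>Jane Doe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="EmailAddress"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def parse_assertion(xml_text):
    """Return (audiences, name_id, attributes) from a SAML 2.0 assertion."""
    root = ET.fromstring(xml_text)
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    audiences = [a.text for a in root.findall(".//saml:Audience", NS)]
    attrs = {a.get("Name"): a.findtext("saml:AttributeValue", namespaces=NS)
             for a in root.findall(".//saml:AttributeStatement/saml:Attribute", NS)}
    return audiences, name_id, attrs


def resolve_user(xml_text, sp_entity_id=SP_ENTITY_ID):
    """Apply the attribute mapping described above and report what was assumed."""
    audiences, name_id, attrs = parse_assertion(xml_text)
    # An assertion whose Audience is not our SP Entity Id must not be accepted.
    if sp_entity_id not in audiences:
        raise ValueError("assertion not addressed to this SP: %r" % audiences)
    warnings = []
    # Username comes from the UserName attribute; without it, NameID is used.
    username = attrs.get("UserName")
    if username is None:
        username = name_id
        warnings.append("no UserName attribute; username taken from NameID")
    if username and "@" in username:
        warnings.append("username contains '@' (looks like an email, not a login name)")
    return {"username": username, "display_name": attrs.get("DisplayName"),
            "email": attrs.get("EmailAddress"), "warnings": warnings}


if __name__ == "__main__":
    print(resolve_user(SAMPLE_ASSERTION))
```

Running it against the sample shows both warnings: Okta-style setups avoid them by sending the username prefix, while other IdPs need the explicit UserName attribute.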