| # Okta as Gerrit SAML authentication provider |
| |
| - Create a new SAML 2.0 application. |
| - Set the following parameters: |
| - Single sign on URL: http://gerrit.site.com/plugins/saml/callback?client_name=SAML2Client |
| - Check "Use this for Recipient URL and Destination URL". |
| - Audience URI (SP Entity Id): http://gerrit.site.com/plugins/saml/callback |
| - We need to set up the attributes in the assertion to send the right |
| information. Here is how to do it with Okta: |
| - Application username: "Okta username prefix" |
| - Add attribute statement: Name: "DisplayName" with Value |
| "user.displayName" |
| - Add attribute statement: Name: "EmailAddress" with Value |
| "user.email" |
| - **IMPORTANT**: If you are not using Okta, you need to set up an attribute |
| "UserName" with the value of the username (not email, without @). If you |
| do not do so, the name will be taken from the NameId provided by |
| the assertion. This is why in Okta we set the application username to |
| "Okta username prefix". |
| - Obtain your IdP metadata (either URL or a local XML file) |