You are not logged in. Click here to log in.

codebeamer Application Lifecycle Management (ALM)
Login
 Projects
 Wiki
Last ModifiedRecently Visited Items
Search In Project
Search inClear
anonymous
[WIKIPAGE-16911056] How to set up SAML with Azure AD (Azure Active Directory)
Tags:  not added yet

Azure Application Registration

To use Azure Active Directory authentication in codeBeamer, first of all an application registration must be performed in Azure Active Directory. This will be the connection point between Azure AD and codeBeamer.

  1. Login into Azure portal.
  2. Open Azure Active Directory
  3. On the left hand side, click on Enterprise Applications
  4. Clink on New Application
  5. Click on Create your own application and give a name to your application and choose the Non-gallery option.
  6. After your application has been created, choose the Single sign on on the left hand side and select SAML.
  7. Download the metadata XML file of the Identity Provider. It can be found under the SAML Signing Certificate section. Later you will have to use it.
  8. Create a service provider (See: How to set up codebeamer as service provider also [Codebeamer configuration])
  9. Upload the metadata XML file of your Service Provider.

    If everything went well, following information appears:
    • Entity ID: service provider name
    • Reply URL: https://<domain-of-customer-instance-domain>/cb/saml/sp/SSO/alias/SAML2.spr (Please note that you might no need to add a "cb" into the URLs, it depends on you)
    • Logout URL: https://<domain-of-customer-instance-domain>/cb/saml/sp/logout/alias/SAML2.spr (Please note that you might no need to add a "cb" into the URLs, it depends on you)
  10. Assign the users, groups who are allowed to use this single sign-on method. On the left hand-side click on User and groups and add the users, groups.
  11. User attributes and claims must match with the user mapping configuration on the codeBeamer side. These attributes, claims can be modified if necessary.
    1. In the User Attributes & Claims section click on Edit.
    2. You should see the following:


Codebeamer configuration


Following changes must be applied in order to make Azure AD work

User mapping

{
  "ssoId" : "http://schemas.microsoft.com/identity/claims/objectidentifier",
  "lastName" : "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
  "firstName" : "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
  "name" : "http://schemas.microsoft.com/identity/claims/displayname",
  "email" : "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
}


Known issues

  1. IDP xml does not contain NameID tag. Solution here: SSO FAQ and Troubleshooting
  2. Nginx proxy buffer size too small, 8k is recommended. see: http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffers
Fast Links

codebeamer Overview
What is new?
How-to videos

codebeamer Knowledge Base
User's Guide (user manual)
Administrator's Guide
Installation Guide
Developer's Guide
Localization Guide

Services by Intland Software
Product Support
Consulting
Training

Integrations