Versions Compared

Old Version 2

changes.mady.by.user Michelle Friedman

Saved on

compared with

New Version Current

changes.mady.by.user Angela Ruhstorfer

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Mend SAST® supports SAML as an alternative authentication method. To configure SAML, navigate to Administration -> Users and check Enable SAML Authentication.

...

Mend SAST® Service Provider Configuration

In SAML terms, Mend SAST® is a Service Provider (SP), i.e., the entity providing the service. As such, it requires the following configuration:

Entity ID: Enter your organization's unique SAML ID (it can be found in your IDP’s SAML metadata, usually as an entityID tag.).

Mapping of SSO users to Mend SAST® roles can be done in Role Mapping section using attributes. If no role mapping is configured or matched, the configured Default Role will be assigned to logged in users.

Mapping of SSO users to Mend SAST® groups can be done in Group Mapping section using attributes. If no group mapping is configured or matched, the default "SSO Users" group will be assigned to logged in users.

Mend SAST service provider metadata endpoint is located at https://<your-whitsource-sast-url>/saml/metadata

Mend SAST will sign all requests by default. This will not affect some of the popular identity providers like Okta and Azure that do not validate AuthnRequest signatures as the parameters are ignored.

Identity Provider Configuration

An Identity Provider (IdP) is the entity providing the identities, including the ability to authenticate a user. The Identity Provider typically also contains the user profile: additional information about the user such as first name, last name, job code, phone number, address, and so on.

OKTA

  1. Sign in to Okta as an administrator.

  2. Go to Applications -> Create App Integration.

  3. In the Create a new app integration window, choose SAML 2.0 as the Sign-in method.

...

4. Click Next to enter General Settings for the application, including App name and App logo (optional).

...

5. Click Next to enter SAML Settings, including:

  • Single sign on URL: <https://<your-whitesource-sast-url>/saml/acs>

  • Audience URI: <https://<your-whitesource-sast-url>/saml/metadata>

  • Name ID format: unspecified

  • Application username: Email

...

6. Finally, configure Attribute Statements. These statements are inserted into the SAML assertions shared with Mend SAST®. Username attribute and any other mapping attributes, such as for role or group mapping, should be configured here.

Name: the reference name of the attribute needed by Mend SAST®, e.g. username.
Value: the value for the attribute defined by the Name element. Admins can create custom expressions (using Okta Expression Language) to reference values in the Okta user profile, e.g. user.login.

...

This page is available at Mend’s new Knowledge Hub, here: SAML Configuration