SAML Configuration

WhiteSource SAST® supports SAML as an alternative authentication method. To configure SAML, navigate to Administration -> Users and check the Enable SAML Authentication box.

WhiteSource SAST® Service Provider Configuration

In SAML terms, WhiteSource SAST® is a Service Provider (SP), i.e., the entity providing the service. As such, it requires the following configuration:

Entity ID: Enter your organization's unique SAML ID (it can be found in your IdP's SAML metadata, usually as an entityID tag).

Mapping of SSO users to WhiteSource SAST® roles can be done in the Role Mapping section using attributes. If no role mapping is configured or matched, the configured Default Role is assigned to logged-in users.

Mapping of SSO users to WhiteSource SAST® groups can be done in the Group Mapping section using attributes. If no group mapping is configured or matched, the default "SSO Users" group is assigned to logged-in users.

The WhiteSource SAST® service provider metadata endpoint is located at https://<your-whitesource-sast-url>/saml/metadata

WhiteSource SAST® signs all requests by default. This does not affect some of the popular identity providers, such as Okta and Azure, that do not validate AuthnRequest signatures: they ignore the signature parameters.

Identity Provider Configuration

An Identity Provider (IdP) is the entity providing the identities, including the ability to authenticate a user. The Identity Provider typically also contains the user profile: additional information about the user such as first name, last name, job code, phone number, address, and so on.

OKTA

1. Sign in to Okta as an administrator.

2. Go to Applications -> Create App Integration.

3. In the Create a new app integration window, choose SAML 2.0 as the Sign-in method.

4. Click Next to enter General Settings for the application, including App name and App logo (optional).

5. Click Next to enter SAML Settings, including:

  • Single sign on URL: https://<your-whitesource-sast-url>/saml/acs

  • Audience URI: https://<your-whitesource-sast-url>/saml/metadata

  • Name ID format: unspecified

  • Application username: Email

6. Under Show Advanced Settings, set the Assertion Encryption option to Encrypted. This enables the Encryption Certificate upload option, where the certificate previously generated in the Service Provider configuration steps should be submitted.

7. Finally, configure Attribute Statements. These statements are inserted into the SAML assertions shared with WhiteSource SAST®. The username attribute and any other mapping attributes, such as those for role or group mapping, should be configured here.

  • Name: the reference name of the attribute needed by WhiteSource SAST®, e.g. username.

  • Value: the value for the attribute defined by the Name element. Admins can create custom expressions (using Okta Expression Language) to reference values in the Okta user profile, e.g. user.login.
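
A pre-flight check for the Attribute Statements configured in step 7, as an added example that is not WhiteSource SAST® code: it reads the attributes from a constructed, already-decrypted assertion and reports when a user would fall through to the Default Role or the "SSO Users" group. The mapping tables, the attribute names role and groups, every role and group name other than "SSO Users", and the exact-match rule are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: attribute statement of an already-decrypted assertion.
# Inspection only: no signature verification or decryption happens here.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="username"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="role"><saml:AttributeValue>sast-admins</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="groups"><saml:AttributeValue>contractors</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Hypothetical tables standing in for the Role Mapping and Group Mapping
# sections: (attribute name, attribute value) -> role or group name.
ROLE_MAPPING = {("role", "sast-admins"): "Admin"}
GROUP_MAPPING = {("groups", "appsec"): "AppSec Team"}


def read_attributes(assertion_xml):
    """Return {attribute name: [values]} from the AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def resolve(attrs, mapping, default):
    """Return (names, matched); names is [default] when no mapping matches."""
    hits = sorted({target for (name, value), target in mapping.items()
                   if value in attrs.get(name, [])})
    return (hits, True) if hits else ([default], False)


def preflight(assertion_xml, default_role="Viewer"):
    """Summarise what the mappings would assign; "Viewer" is a placeholder."""
    attrs = read_attributes(assertion_xml)
    roles, role_matched = resolve(attrs, ROLE_MAPPING, default_role)
    groups, group_matched = resolve(attrs, GROUP_MAPPING, "SSO Users")
    return {"username": (attrs.get("username") or [None])[0],
            "roles": roles, "role_fell_back": not role_matched,
            "groups": groups, "group_fell_back": not group_matched}
```

A fall-back flag set to True means the attribute name or value sent by the IdP did not match any configured mapping, which is the case to review before enabling SSO for all users.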

 

Copyright © 2024 Mend.io (White Source Ltd.) | All rights reserved.