[NEW RELEASE] miniOrange SAML 1.0

Hello there,

Short Description: SonarQube SAML Single Sign On (SSO) allows users to sign in to SonarQube Server with a SAML 2.0 capable Identity Provider (IdP). We support all known IdPs like ADFS, Azure AD, Okta, Onelogin, Google Apps, Salesforce, Shibboleth etc. As this is our first release, please do include it in the SonarQube Marketplace.

SonarQube compatibility: 6.7.7
Link to project on SonarCloud: https://sonarcloud.io/dashboard?id=miniOrangeDev_miniOrangeSAML-for-SonarQube

Link to Homepage: https://github.com/miniOrangeDev/miniOrangeSAML-for-SonarQube.git

Link to PR: https://github.com/SonarSource/sonar-update-center-properties/pull/67

Learn more about our plugin: https://www.miniorange.com/sonarqube-single-sign-on-(sso)

Hi,

I guess you’re asking to have the plugin added to the Marketplace?

Since SAML auth features are bundled into the product, I’m not sure that’s going to be feasible. But if you wouldn’t mind satisfying my curiosity, what’s the difference between the SAML functionality in your plugin and what’s bundled with SonarQube?

 
Thx,
Ann


Hi Ann,

Apologies for the delay in replying.

We have expertise in Single Sign-On (SSO) and have created many modules for various platforms (WordPress, Joomla, Drupal, etc.) just like the one we submitted to you. We suggested your module to some of our customers who were planning to enable SSO for SonarQube, but they came back to us with requirements for which we created an entirely new module. There are some limitations in the existing SonarQube SAML SSO bundle and we have tried to overcome these limitations in our SAML SSO module to match customer needs (mentioned below).

  1. SAML requests are not signed: In order for the existing SAML plugin on SonarQube to work, the client signature validation should be disabled in the Identity Provider.
  2. SAML encrypted responses are not supported: Also, for the existing SAML plugin to work, SAML encryption should be disabled in the Identity Provider.

Apart from overcoming the limitations of the existing SAML Single Sign On (SSO) module, we provide numerous additional features that will be extremely useful for anyone who wants SAML SSO in SonarQube.

Listing a few of those features that we provide in our free and premium modules below:

  1. On the fly User Creation: Auto-create users in SonarQube after SSO, if the user is not already present in SonarQube. [Free]

  2. SSO binding types: We have support for both HttpRedirect binding and HttpPost binding types. [Free]
     • HttpRedirect: The SAML Request message is sent as a GET request to IdP when HTTP-Redirect is selected.
     • HttpPost: The SAML Request message is sent as a POST request to IdP when HTTP-Post is selected.

  3. Test Configuration: Using this feature, you can easily validate your SAML response and data. [Free]

  4. Attribute mapping: It will map user attributes received from the Identity Provider to SonarQube. [Free]

  5. Group mapping: It will map user groups received from the IdP to SonarQube. [Free]

  6. Force authentication: User will be forced to re-authenticate with Identity Provider (IdP) when he accesses the SonarQube Instance, irrespective of the SSO session at IdP. [Free]

  7. Single Logout: Allows you to log out your user from both SonarQube as well as your Identity Provider. [Premium]

  8. NameID Format: Our module supports multiple NameID Formats like email, persistent, etc. [Premium]

  9. Import IdP Metadata using File/URL/Text: Import IdP metadata dynamically instead of manually copying them. [Premium]

  10. Auto redirect user to IdP: Auto redirection takes the user to the IdP login page instead of showing the default SonarQube login page. [Premium]

  11. Customize SP Certificates (Private/Public): You can have your own customized Public and private certificates, which will enhance the security even more. [Premium]

  12. Import and Export configurations: While upgrading versions or switching platforms, store your configuration and use it later on. In case of troubleshooting, share configuration, so we could provide proper technical support. [Premium]

  13. Multiple IdP support: Configure and use more than one Identity Provider (IdP) at a time. [Premium]

In addition to this, we have various other features in our SonarQube SAML module, check out the link here.

We have 24*7 technical support via email and online meeting, with a specialized dedicated team for handling and guiding customers through Single Sign-On (SSO) setup and debugging environment-specific issues.

We provide documentation for setting up 20+ Identity Providers (IdPs) with the SonarQube SAML SP module.

Our module will provide a great addition to SonarQube and will cover the security/feature gaps & limitations of the inbuilt SAML provided.

Let me know if you have any other questions, I would be happy to answer.

Thanks,
miniOrange
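
The two SSO binding types, the unsigned-request limitation and the force-authentication option mentioned in the post above can be checked on a captured SAML request. The following is an added example, not part of the thread and not code from SonarQube or the miniOrange plugin; the function names, the `idp.example` URL and the sample request are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
DS = "http://www.w3.org/2000/09/xmldsig#"

def encode_redirect(xml: bytes, idp_url: str) -> str:
    """HTTP-Redirect: raw DEFLATE, then base64, then URL-encode into the query."""
    c = zlib.compressobj(wbits=-15)  # -15 = raw DEFLATE, no zlib header
    deflated = c.compress(xml) + c.flush()
    return idp_url + "?" + urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})

def encode_post(xml: bytes) -> str:
    """HTTP-POST: base64 only, carried in a form field."""
    return urlencode({"SAMLRequest": base64.b64encode(xml).decode()})

def inspect_authn_request(binding: str, data: str) -> dict:
    """binding 'redirect': data is the full URL; 'post': data is the form body."""
    if binding not in ("redirect", "post"):
        raise ValueError("unknown binding")
    query = urlsplit(data).query if binding == "redirect" else data
    params = parse_qs(query)
    xml = base64.b64decode(params["SAMLRequest"][0])
    if binding == "redirect":
        xml = zlib.decompress(xml, -15)
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD in SAML message")  # refuse entity-expansion tricks
    root = ET.fromstring(xml)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not an AuthnRequest")
    if binding == "redirect":
        # The signature covers the query string and travels in it, not in the XML.
        signed = "SigAlg" in params and "Signature" in params
    else:
        signed = root.find(f"{{{DS}}}Signature") is not None
    # Presence only: this does not verify the signature cryptographically.
    return {"binding": binding, "id": root.get("ID"), "signed": signed,
            "force_authn": root.get("ForceAuthn") in ("true", "1")}

# Constructed sample request (not captured from any real deployment).
SAMPLE = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" ID="_constructed1" '
          'Version="2.0" IssueInstant="2020-01-01T00:00:00Z" ForceAuthn="true"/>').encode()

if __name__ == "__main__":
    print(inspect_authn_request("redirect", encode_redirect(SAMPLE, "https://idp.example/sso")))
    print(inspect_authn_request("post", encode_post(SAMPLE)))
```

A request that reports `signed: False` is one the IdP can only accept with client signature validation disabled, which is the first limitation listed in the post.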

Hi,

Thanks for satisfying my curiosity. I’ve done some checking internally, and I’m afraid I am going to have to invoke the non-compete requirement and refuse this plugin entry to the Marketplace. And I’ve added it to the Other Plugins page.

I appreciate that your offering is more fully fleshed, and handles the limitations of our current offering. We have created some improvement tickets latest for our SAML functionality, and hopefully your example will spur us to excellence in this area.

 
Thanks for understanding,
Ann

Hi Ann,

We’re glad to be able to answer your questions, and thanks for adding our plugin under your Other Plugins page.

It would be an honor if you could include our plugin in the marketplace and allow us to be a small part of your SonarSource family. We have a good hands-on in Single Sign On and we are quite experienced in providing SSO related solutions. It would be really beneficial for the customers who are currently looking for advanced SSO functionalities.

Looking forward to knowing your thoughts on the same.

Thanks,
miniOrange

Hi,

As I said before, it won’t be possible to add you to the Marketplace.

 
Thanks for understanding,
Ann

Hi again,

Any chance you’d want to contribute improvements (PRs) to SonarQube’s SAML implementation?

 
Ann
