JetBrains CodeCanvas 2024.2 Help

SAML 2.0 Auth Module

SAML 2.0 authentication module lets you configure CodeCanvas as a SAML Service Provider (SAML SP). SAML supports single sign-on (SSO) across multiple domains.

When you configure and enable a SAML 2.0 authentication module in CodeCanvas:

  • CodeCanvas users will be able to log in to CodeCanvas with the credentials that are managed in a specified third-party identity provider (SAML IdP).

  • CodeCanvas users will have fewer accounts and passwords to remember.

  • New users with accounts in the connected service will be able to create their own accounts in CodeCanvas.

Single sign-on initiation

The SAML 2.0 authentication module supports both service-provider (SP) and identity-provider (IdP) initiation for single sign-on (SSO). The login request is based on where the user signs in to CodeCanvas from.

  • If the user signs in through an external login portal or access management provider (for example, OneLogin), the request is initiated by the IdP.

  • If the user signs in by clicking the button for the IdP in the CodeCanvas login page, the request is initiated by CodeCanvas as SP.

To support this behavior, the RelayState parameter for your SAML IdP must be empty. If you set a value for this parameter in the configuration for your IdP, the redirection to CodeCanvas results in a Can't restore state error.

Enable SAML 2.0 authentication

To enable SAML 2.0 authentication, configuration is required on both sides: the identity-provider (IdP) and CodeCanvas. The actual setup procedure depends on the identity-provider (IdP) you're going to use, but usually involves the following general steps:

  1. In CodeCanvas, start creating a new SAML 2.0 auth module. The New Auth Module form provides you with necessary parameters to configure your identity-provider (IdP).

  2. On the identity-provider (IdP) side, set up a SAML identity service (application) using the information from the SAML 2.0 auth module form in CodeCanvas, such as SP entity ID and ACS URL.

  3. On both sides, configure the SAML attributes for user accounts.

  4. In CodeCanvas, specify the required parameters generated by the identity-provider (IdP), such as SAML SSO URL, IdP entity ID, IdP certificate fingerprint.

    If the IdP service does not provide a fingerprint of their certificate, create it applying SHA256. For example, you can use SAML Tool to create one.

  5. In CodeCanvas, activate the SAML 2.0 authentication module.

Example: Configure Okta as SAML Identity Provider in CodeCanvas

There are many SAML-based Single Sign-On services you can use. In this example, we'll configure Okta to work with CodeCanvas as a SAML IdP. This instruction assumes that you have an account with Okta.

Get parameters from your CodeCanvas SAML 2.0 auth module

  1. In the header navigation, select Administration, then in the sidebar menu, select Auth Modules.

  2. Click New auth module. The New Auth Module dialog opens.

  3. From the Type drop-down list, select SAML 2.0.

  4. Collect values from the following filds on the form:

    • SP entity ID

    • ACS URL

Set up a new SAML IdP application in Okta

  1. In a new browser tab or window, sign in to your Okta organization as an administrator.

  2. Create a new SAML application for CodeCanvas service. Follow the Okta instructions to create it.

  3. Provide the values that you have gathered from your CodeCanvas SAML 2.0 auth module:

    • Paste SP entity ID into the Audience URI field.

    • Paste ACS URL into the Single sign on URL field.

  4. Specify the following values for the fields:

    Field

    Value

    Default RelayState

    leave blank

    Name ID format

    Email Address

    Application username

    Email

Set SAML attributes

  1. In CodeCanvas, on the SAML 2.0 auth module form, find the Attributes section.

  2. In Okta, locate the Attribute Statements section and add attributes. Specify the names to match the corresponding field names in CodeCanvas and provide the following values:

    SAMLattributesOkta.png
  3. Click Finish when done to create your SAML application in Okta.

Provide Okta-generated parameters to CodeCanvas and enable the module

  1. In Okta, go to the Sign On tab and click the View Setup Instructions button:

    OktaViewSetupInstruction.png

    A page with the parameters of your Okta IdP will open.

  2. Copy the values and paste them into the corresponding fields of the SAML 2.0 auth module form in CodeCanvas:

    Okta Field Name

    CodeCanvas Field Name

    Identity Provider Single Sign-On URL

    SAML SSO URL

    Identity Provider Issuer

    IdP entity ID

    X.509 Certificate

    IdP certificate fingerprint

    To generate the fingerprint, copy the certificate from Okta, then in CodeCanvas, click Upload X.509 certificate… and paste it into the pop-up window.

  3. Switch the SAML 2.0 auth module status to Active:

    SAMLactive.png
  4. Click Create to save your settings and enable the module.

Last modified: 28 August 2024