Single Sign On
Governor supports Single Sign On using OAuth2 or SAML.
Setting up OAuth2
OAuth2 is supported with the following clients:
- Google
- Microsoft
- GitHub
To set up OAuth2 single sign on, provide the necessary application properties for the respective clients. See the Spring Boot reference documentation for details. Governor supports GitHub, Google and Microsoft via the following set of properties:
spring.security.oauth2.client.registration.github.clientid
spring.security.oauth2.client.registration.github.clientsecret
spring.security.oauth2.client.registration.github.redirecturi
spring.security.oauth2.client.registration.google.clientid
spring.security.oauth2.client.registration.google.clientsecret
spring.security.oauth2.client.registration.microsoft.clientid
spring.security.oauth2.client.registration.microsoft.clientsecret
Setting the clientid property for any of these clients enables the respective icon on the authentication form.
Setting up SAML
SAML is supported with the following providers:
- Google
- Microsoft Entra ID
Configure your SAML identity provider using the following URLs:
- Identifier (Entity ID): https://[host]/api/v1/saml2/service-provider-metadata/microsoft
- Reply URL (Assertion Consumer Service URL): https://[host]/api/v1/saml2/login/sso/microsoft
To set up SAML for a provider, you have to provide a reference to the metadata file in the following application properties:
spring.security.saml2.relyingparty.registration.google.entity-id={baseUrl}/api/v1/saml2/service-provider-metadata/{registrationId}
spring.security.saml2.relyingparty.registration.google.acs.location={baseUrl}/api/v1/saml2/login/sso/{registrationId}
spring.security.saml2.relyingparty.registration.google.assertingparty.metadata-uri=file:/IDP_metadata.xml
Microsoft Entra ID
spring.security.saml2.relyingparty.registration.microsoft.entity-id={baseUrl}/api/v1/saml2/service-provider-metadata/{registrationId}
spring.security.saml2.relyingparty.registration.microsoft.acs.location={baseUrl}/api/v1/saml2/login/sso/{registrationId}
spring.security.saml2.relyingparty.registration.microsoft.assertingparty.metadata-uri=file:/IDP_metadata.xml
The IDP_metadata.xml file is provided when you set up a SAML application for your Google or Azure cloud domain.