Single Sign-On
Governor supports Single Sign-On using OAuth2 or SAML.
Setting up OAuth2
OAuth2 is supported with the following clients:
- Google
- Microsoft
- GitHub
To set up OAuth2 single sign-on, provide the necessary application properties for the respective clients; see the Spring Boot reference documentation for details. Governor supports GitHub, Google and Microsoft via the following set of properties:
spring.security.oauth2.client.registration.github.clientid
spring.security.oauth2.client.registration.github.clientsecret
spring.security.oauth2.client.registration.github.redirecturi
spring.security.oauth2.client.registration.google.clientid
spring.security.oauth2.client.registration.google.clientsecret
spring.security.oauth2.client.registration.microsoft.clientid
spring.security.oauth2.client.registration.microsoft.clientsecret
Setting the clientid property for any of these clients enables the respective icon on the authentication form.
Setting up SAML
SAML is supported with the following providers:
- Google
- Microsoft Entra ID
Configure your SAML identity provider using the following URLs:
- Identifier (Entity ID): https://[host]/api/v1/saml2/service-provider-metadata/microsoft
- Reply URL (Assertion Consumer Service URL): https://[host]/api/v1/saml2/login/sso/microsoft
To set up SAML, provide a reference to the metadata file in the following application properties:
Google
spring.security.saml2.relyingparty.registration.google.entity-id={baseUrl}/api/v1/saml2/service-provider-metadata/{registrationId}
spring.security.saml2.relyingparty.registration.google.acs.location={baseUrl}/api/v1/saml2/login/sso/{registrationId}
spring.security.saml2.relyingparty.registration.google.assertingparty.metadata-uri=file:/IDP_metadata.xml
Microsoft Entra ID
spring.security.saml2.relyingparty.registration.microsoft.entity-id={baseUrl}/api/v1/saml2/service-provider-metadata/{registrationId}
spring.security.saml2.relyingparty.registration.microsoft.acs.location={baseUrl}/api/v1/saml2/login/sso/{registrationId}
spring.security.saml2.relyingparty.registration.microsoft.assertingparty.metadata-uri=file:/IDP_metadata.xml
The IDP_metadata.xml file is provided when you set up a SAML application for your Google or Azure cloud domain.