Single Sign-On

Governor supports Single Sign-On using OAuth2 or SAML.

Setting up OAuth2

OAuth2 is supported with the following clients:

  • Google

  • Microsoft

  • GitHub

To set up OAuth2 single sign-on, provide the necessary application properties for the respective clients; see the Spring Boot reference documentation for details. Governor supports GitHub, Google and Microsoft via the following set of properties:

spring.security.oauth2.client.registration.github.clientid
spring.security.oauth2.client.registration.github.clientsecret
spring.security.oauth2.client.registration.github.redirecturi
spring.security.oauth2.client.registration.google.clientid
spring.security.oauth2.client.registration.google.clientsecret
spring.security.oauth2.client.registration.microsoft.clientid
spring.security.oauth2.client.registration.microsoft.clientsecret

Setting the clientid property for any of these clients enables the respective icon on the authentication form.

Setting up SAML

SAML is supported with the following providers:

  • Google

  • Microsoft Entra ID

Configure your SAML identity provider using the following URLs:

  • Identifier (Entity ID): https://[host]/api/v1/saml2/service-provider-metadata/microsoft

  • Reply URL (Assertion Consumer Service URL): https://[host]/api/v1/saml2/login/sso/microsoft

To set up SAML, provide a reference to the metadata file in the following application properties for your provider:

Google

spring.security.saml2.relyingparty.registration.google.entity-id={baseUrl}/api/v1/saml2/service-provider-metadata/{registrationId}
spring.security.saml2.relyingparty.registration.google.acs.location={baseUrl}/api/v1/saml2/login/sso/{registrationId}
spring.security.saml2.relyingparty.registration.google.assertingparty.metadata-uri=file:/IDP_metadata.xml

Microsoft Entra ID

spring.security.saml2.relyingparty.registration.microsoft.entity-id={baseUrl}/api/v1/saml2/service-provider-metadata/{registrationId}
spring.security.saml2.relyingparty.registration.microsoft.acs.location={baseUrl}/api/v1/saml2/login/sso/{registrationId}
spring.security.saml2.relyingparty.registration.microsoft.assertingparty.metadata-uri=file:/IDP_metadata.xml

The IDP_metadata.xml is provided when you set up a SAML application for your Google or Azure cloud domain.