SAML support is currently only available in certain Inedo product versions.
SAML-based single sign-on is an authentication mechanism that uses a third-party identity provider to verify the identity of a user and relay user metadata back to the Inedo product. It effectively replaces the Inedo product's login page with the identity provider's, or bypasses the login page altogether if the user is already signed in to the identity provider.
SAML authentication is currently in beta, installable from the Inedo Hub. This functionality is available in the following prerelease product versions:
If you are using ProGet 5.2, visit the Administration > Advanced Settings page to enable the Web.PrereleaseFeaturesEnabled setting.
In general, configuring an identity provider requires the following steps to enable SAML authentication:
Instructions for the following specific identity providers can be found here:
Once the identity provider is configured to support authentication in an Inedo product, the following properties must be configured on the Administration > Enable Single Sign-on (SAML) page:
Once these settings are saved, they will be validated and any errors will appear on the page. If successful, SAML authentication will be enabled, and selecting "Log In" from the user dropdown will present a sign-in button instead of username and password fields.
Troubleshooting note: Once enabled, there may be errors related to the web application restarting and/or cookies. Simply click the Clear Authentication Cookies button to resolve this once the site restarts. See the troubleshooting section if you get locked out.
To reset the configured user directory to the built-in directory, and reset the Admin account's password to Admin, a server administrator must run the command for the installed product on the Inedo product's server:
(proget-installation-directory)\Service> .\ProGet.Service.exe resetadminpassword
(buildmaster-installation-directory)\Service> .\BuildMaster.Service.exe resetadminpassword
(otter-installation-directory)\Service> .\Otter.Service.exe resetadminpassword
Once the user directory and Admin account are reset, the web application must be restarted. To restart the Integrated Web Server, run the following PowerShell command:
Restart-Service INEDOPROGETWEBSVC
Restart-Service INEDOBUILDMASTERWEBSVC
Restart-Service INEDOOTTERWEBSVC
If your Inedo product is installed to run on IIS, use the Restart-WebAppPool command or recycle the application pool directly in the IIS management UI. By default, the application pool is named ProGetAppPool, BuildMasterAppPool, or OtterAppPool, but the name may have been changed by a system administrator during installation.
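The recovery steps above, combined into one function as an added example (not Inedo's own code). The function name and the -InstallDir value are hypothetical, and the script assumes that the INEDO...WEBSVC service exists only on Integrated Web Server installs and that a nonzero exit code from resetadminpassword indicates a problem.

```powershell
# Added example: lockout recovery for one Inedo product, following the steps above.
# Run in an elevated session; -WhatIf previews the actions without performing them.
function Reset-InedoLogin {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][ValidateSet('ProGet', 'BuildMaster', 'Otter')]
        [string]$Product,
        # Placeholder: pass the product's real installation directory.
        [Parameter(Mandatory)][string]$InstallDir,
        # Default pool name from the documentation; override if it was changed at install time.
        [string]$AppPoolName = "${Product}AppPool"
    )

    $exe = Join-Path $InstallDir "Service\${Product}.Service.exe"
    if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
        throw "Service executable not found: $exe"
    }

    if ($PSCmdlet.ShouldProcess($Product, 'Reset user directory and Admin account')) {
        & $exe resetadminpassword
        # Assumption: a nonzero exit code means the reset did not complete.
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "resetadminpassword exited with code $LASTEXITCODE"
        }
    }

    # Assumption: only Integrated Web Server installs register this Windows service.
    $webService = 'INEDO{0}WEBSVC' -f $Product.ToUpperInvariant()
    if (Get-Service -Name $webService -ErrorAction SilentlyContinue) {
        if ($PSCmdlet.ShouldProcess($webService, 'Restart service')) {
            Restart-Service -Name $webService
        }
        return
    }

    # IIS-hosted install: recycle the application pool instead.
    Import-Module WebAdministration -ErrorAction Stop
    if (-not (Test-Path "IIS:\AppPools\$AppPoolName")) {
        throw "Application pool '$AppPoolName' not found; pass -AppPoolName."
    }
    if ($PSCmdlet.ShouldProcess($AppPoolName, 'Recycle application pool')) {
        Restart-WebAppPool -Name $AppPoolName
    }
}

# Constructed usage; the path is a placeholder, not a documented default.
# Reset-InedoLogin -Product ProGet -InstallDir 'C:\path\to\ProGet' -WhatIf
```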
The next time you visit the site after running these commands, there may be stale authentication cookies. These can be cleared from the corresponding error page (if they are automatically detected) or by clearing web browser cookies manually. When testing access, make sure to visit the root URL (for example: https://proget-server/).
This documentation is licensed under CC-BY-SA-4.0 and stored in GitHub.