Pactflow supports single sign-on using the SAML authentication protocol.
A SAML provider is configured by a set of environment variables prefixed with
PACTFLOW_SAML_. See the SAML section of the environment variables page for the full list.
Assertion Consumer URL
This is the endpoint to which the IDP will post the SAML assertion after the user is authenticated. It is also called the "sign on URL", "reply URL", and "callback URL", depending on your IDP. You will need to configure this value in your IDP when you set up the Pactflow service provider.
The URL is
https://<your Pactflow host>/auth/saml/callback.
The Pactflow SAML service provider metadata URL is available at
https://<your Pactflow host>/auth/saml/metadata.
Configuring multiple SAML providers
In Pactflow 1.7.0 and later, multiple SAML providers may be configured. To configure a second SAML provider, create another set of the SAML environment variables with the prefix PACTFLOW_SAML_2_ (PACTFLOW_SAML_3_ for the third, etc). The PACTFLOW_SAML_ISSUER does not need to be specified again, as it is shared between all SAML providers.
The callback path for the second provider is
/auth/saml/2/callback, and for the third
/auth/saml/3/callback etc. The path for the metadata for subsequent SAML providers will be
Configuring Azure Active Directory
Create a non gallery application
Follow the Microsoft documentation for creating a non gallery application.
- Select Non-gallery application at the Add your own app screen.
- Set the name to Pactflow On-Premesis when prompted.
When the application has been created, assign the users that should be allowed to log in to Pactflow.
Once the users have been assigned, select the Single sign-on tab. Select
Set the Identifier (Entity ID) to https://pactflow.<your company domain>, e.g. https://pactflow.mycompany.com. This field must match the [PACTFLOW_SAML_ISSUER](../environment-variables#pactflow_saml_issuer) environment variable.
Set the Reply URL to
https://<your Pactflow host>/auth/saml/callback
Leave the Sign On URL, Relay State and Logout Url fields blank.
Configure the Pactflow environment variables
You can find a template for the required environment variables here.
- Set the PACTFLOW_SAML_ISSUER to the
Identifier (Entity ID).
- Set the PACTFLOW_SAML_IDP_SSO_TARGET_URL to the
- Set the PACTFLOW_SAML_IDP_ENTITY_ID to the
Azure AD Identifier
- Set the PACTFLOW_SAML_IDP_CERT_FINGERPRINT to the
- Set the PACTFLOW_SAML_IDP_NAME to your choice - this is a display name for the login button.
- Set the identifier, email and name attributes as per the template.
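
The following pre-deployment check is an added example, not part of Pactflow or its documentation. It applies the prefix and callback-path scheme described above to confirm that each provider's variables are set, that the shared issuer is present, and to print the Assertion Consumer URL to register in the IDP. The function names are hypothetical, the list of required variables is taken only from the steps on this page, the https checks are an added assumption, and all sample values are constructed.

```sh
# Added example: pre-deployment check of Pactflow SAML environment variables.
# Assumption: the variables checked are those named in the Azure AD steps above.
REQUIRED_SUFFIXES="IDP_SSO_TARGET_URL IDP_ENTITY_ID IDP_CERT_FINGERPRINT IDP_NAME"

# Prefix for provider N: PACTFLOW_SAML_ for the first, PACTFLOW_SAML_<N>_ after.
saml_prefix() {
  case "$1" in ''|*[!0-9]*) return 2 ;; esac   # digits only, keeps eval safe
  if [ "$1" -eq 1 ]; then echo "PACTFLOW_SAML_"; else echo "PACTFLOW_SAML_${1}_"; fi
}

# Assertion Consumer URL to register in the IDP. Args: host, provider number.
saml_callback_url() {
  if [ "$2" -eq 1 ]; then echo "https://$1/auth/saml/callback"
  else echo "https://$1/auth/saml/$2/callback"; fi
}

# Value of the variable whose name is $1 (POSIX-portable indirection).
saml_value() { eval "printf '%s' \"\${$1:-}\""; }

# Print each problem found for provider N; return 1 if there is any.
check_saml_provider() {
  prefix="$(saml_prefix "$1")" || return 2
  rc=0
  # The issuer is shared by all providers and never carries a number.
  case "${PACTFLOW_SAML_ISSUER:-}" in
    https://*) ;;
    *) echo "PACTFLOW_SAML_ISSUER must be the https Entity ID"; rc=1 ;;
  esac
  for suffix in $REQUIRED_SUFFIXES; do
    [ -n "$(saml_value "${prefix}${suffix}")" ] || { echo "missing ${prefix}${suffix}"; rc=1; }
  done
  case "$(saml_value "${prefix}IDP_SSO_TARGET_URL")" in
    ''|https://*) ;;
    *) echo "${prefix}IDP_SSO_TARGET_URL is not an https URL"; rc=1 ;;
  esac
  return "$rc"
}

# Constructed sample values (placeholders, not real tenant data).
PACTFLOW_SAML_ISSUER="https://pactflow.mycompany.com"
PACTFLOW_SAML_IDP_SSO_TARGET_URL="https://idp.example.com/saml2"
PACTFLOW_SAML_IDP_ENTITY_ID="https://idp.example.com/entity"
PACTFLOW_SAML_IDP_CERT_FINGERPRINT="fingerprint-placeholder"
PACTFLOW_SAML_IDP_NAME="Azure AD"
PACTFLOW_SAML_2_IDP_NAME="Second IDP"   # provider 2 left incomplete on purpose

check_saml_provider 1 && echo "provider 1 ok: $(saml_callback_url pactflow.mycompany.com 1)"
check_saml_provider 2 || echo "provider 2 incomplete"
```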