:
Skip Navigation
Resources Blog SAML/SSO authentication and Conan in Sonatype Nexus ...

SAML/SSO authentication and Conan in Sonatype Nexus Repository

Introducing the release of Sonatype Nexus Repository 3.22. Our product teams are excited to announce SAML/SSO authentication for Sonatype Nexus Repository. In addition to SAML/SSO, this release includes proxy support for Conan native format in both Sonatype Nexus Repository users and our free version, Sonatype Nexus Repository OSS. Conan is the decentralized, portable, and extensible package manager for C/C++ projects.

Amidst much anticipation, Sonatype Nexus Repository now provides users the ability to authenticate with Security Assertion Markup Language (SAML) identity providers. Using SAML, users can now experience single sign-on (SSO) when logging into the Sonatype platform. In the reading ahead, we will "pop the hood" on SAML to learn how it works with Sonatype Nexus Repository, what benefits users can gain setting up the SAML integration, and key highlights for both Sonatype Nexus Repository admins and developers.

SAML and Sonatype Nexus Repository

To begin, below is a list of what is being delivered for SAML/SSO support in Sonatype Nexus Repository.

Sonatype Nexus Repository admin

  • SAML Security Realm
  • SAML IdP Config Page
  • SAML Service Provider Metadata Endpoint
  • SAML User Management

Sonatype Nexus Repository user

  • SAML Single Sign On Experience

SAML is designed to secure browser-based interactions. SAML is an XML-based, open standard that enables single sign-on (SSO) to web- and cloud-based applications and services. Configuring the SAML integration, Sonatype Nexus Repository users have the ability to use a single set of login credentials to access Sonatype Nexus Repository and other enterprise applications. The workings of SAML support in Sonatype Nexus Repository 3.22 illustrates the interaction between a SAML service provider (SP), in this case Sonatype Nexus Repository application, and an identity provider (IdP).

A full list of Identify Providers supported with Sonatype Nexus Repository is listed below in the key highlights section.

 

In a typical workflow, users will attempt to access the secured Sonatype Nexus Repository application, which directs them to the identity provider to log in. Once the identity provider verifies user identity for authentication, the identity provider then redirects the users back to the secured service provider (Sonatype Nexus Repository application) along with authorization information - an HTTP response with XML-based security information called a SAML assertion. This authorization information can include groups that users are members of. If groups are provided, Sonatype Nexus Repository will match the IdP-provided group names to Sonatype Nexus Repository role names for access to certain user privileges. External group mappings can also be added to provide additional flexibility to handle specific organization taxonomy. Once users are authenticated by the SAML identity provider, Sonatype Nexus Repository will use the regular web session to manage access to the Sonatype Nexus Repository UI.

SAML benefits and key highlights

There have been several Sonatype Nexus Repository customers who have requested SAML/SSO support for the ability to use Single Sign-On rather than LDAP for authentication, or specific customers who might have audit compliance requirements which are easier to meet when all software applications use the same SAML federation. Whether the release of SAML/SSO provides new methods of authentication, supports compliance and policy requirements, or improves overall user experience, customers can now take advantage of these benefits from setting up the SAML integration with Sonatype Nexus Repository.

So, why use the new SAML integration with Sonatype Nexus Repository?

Sonatype Nexus Repository admin

  • Interoperable standardization across multiple applications (i.e. Jenkins, Jira, JetBrains, etc.)
  • Consolidation for identity management
  • Reduced costs of maintaining individual account credentials
  • Reduced setup time for all internal users
  • Enhanced security for internal users / ability to authenticate from
  • Audit compliance requirements

Sonatype Nexus Repository user

  • Single Sign-On Experience
  • More secure logins (i.e. two-factor authentication)

Sonatype Nexus Repository customers also have the benefit of using any of these identity providers for SAML integration.

List of supported identity providers

  • Auth0
  • Keycloak
  • Microsoft AD/ADFS
  • Okta
  • OneLogin
  • PingFederate

Additional items

For a complete list of Sonatype Nexus Repository 3.22 release details and also any questions you may have, please refer to the items below.

Picture of Brent Kostak

Written by Brent Kostak

Brent is the Director of Product Marketing connecting developers and DevOps communities to Sonatype Nexus tools and technologies.