TestRail lets you integrate with your preferred SSO identity provider (IDP) using SAML 2.0, OAuth 2.0, and OpenID Connect protocols. Once you enable the SSO configuration, you can choose your preferred protocol.
This guide covers the SAML 2.0 configuration for ADFS. Follow these instructions to set up ADFS for SSO:
- In ADFS Management, navigate to Trust Relationships -> Relying Party Trust area
- Click Add Relying Party Trust in the right panel window
- Click Start, and select Enter data about relying party manually
- Click Next, and enter the Display Name
- Click Next on Configure Certificate Page
- Select Enable Support for SAML 2.0 WebSSO Protocol and enter the Single Sign on URL from the TestRail SSO configuration page
- Click Next, and add the metadata as well as the index.php link for Relying Party Trust Identifier
- Click Next on all the other pages, configuring them as per your requirements, and click Finish
Add the following Edit Claim Rules for the Relying Party Trust
- Claim Rule Template -> Send LDAP Attributes as Claim
- Enter Rule name and select attribute store as Active Directory
- Map the LDAP attributes to output claim as follows: (Make sure all the details in the table are entered for the user in Active Directory Users and Computers)

| LDAP Attribute | Outgoing Claim Type |
| --- | --- |
| User-Principal-Name | UPN |
| Given-Name | Given Name |
| Surname | Surname |
| E-Mail-Addresses | E-Mail Address |
| Display-Name | Name |

- Save the Rule
- Claim Rule Templates -> Transform an Incoming Claim
- Enter the Claim Rule Name
- Set the following values for the Rule Template:

| Setting | Value |
| --- | --- |
| Incoming Claim Type | UPN |
| Incoming Name ID Format | Unspecified |
| Outgoing Claim Type | Name ID |
| Outgoing Name ID Format | |

- Check Pass through all claims value and save the rule
- Click Authentication Policy. Under Primary Authentication - Global Settings, edit the Authentication Method and add Forms Authentication for Extranet as well as Intranet.
Add a user in TestRail to enable SSO for ADFS
- Add a new user under Users & Roles. Specify the same email address as on the ADFS server side.
- Enable Single Sign-on (SSO) Authentication.
- Under Service - Certificate, select the Token-Signing Certificate.
- Right-click the certificate to view it, then click Copy to File under the Details tab.
- Copy the certificate to the desired location, making sure the format of the certificate is Base-64 encoded X.509 (.CER).
- Upload the certificate into TestRail.
- Copy the FQDN value for your server in IDP Issuer URL and append /adfs/ls
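The token-signing certificate export described in the steps above can also be scripted on the ADFS server. The following is an added example, not part of the original guide or of TestRail's or Microsoft's own tooling; the output path in `$OutFile` is an assumption. It exports only the public certificate as Base-64 encoded X.509 and verifies the file before it is uploaded.

```powershell
# Added example. Run in an elevated PowerShell session on the ADFS server.
# $OutFile is an assumed output path; change it as needed.
$OutFile = Join-Path $env:TEMP 'adfs-token-signing.cer'

Import-Module ADFS

# The primary token-signing certificate is the one ADFS currently signs assertions with.
$entry = Get-AdfsCertificate -CertificateType Token-Signing |
    Where-Object { $_.IsPrimary } | Select-Object -First 1
if (-not $entry) { throw 'No primary token-signing certificate found.' }
$cert = $entry.Certificate

# Do not upload a certificate that is outside its validity window.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate $($cert.Thumbprint) is not valid now ($($cert.NotBefore) to $($cert.NotAfter))."
}

# X509ContentType 'Cert' exports the public certificate only (DER bytes);
# the private signing key is not included and stays on the server.
$der = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)

# Wrap the DER bytes as Base-64 in 64-character lines between PEM markers,
# which is the "Base-64 encoded X.509 (.CER)" format.
$b64   = [Convert]::ToBase64String($der)
$lines = $b64 -split '(.{64})' | Where-Object { $_ }
$pem   = @('-----BEGIN CERTIFICATE-----') + $lines + @('-----END CERTIFICATE-----')
[System.IO.File]::WriteAllLines($OutFile, [string[]]$pem, [System.Text.Encoding]::ASCII)

# Read the file back and confirm it is the same certificate and carries no private key.
$check = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $OutFile
if ($check.Thumbprint -ne $cert.Thumbprint) { throw 'Exported file does not match the ADFS certificate.' }
if ($check.HasPrivateKey) { throw 'Exported file unexpectedly contains a private key.' }

# Summary to compare against the certificate shown in ADFS Management.
[pscustomobject]@{
    File       = $OutFile
    Subject    = $check.Subject
    Thumbprint = $check.Thumbprint
    NotAfter   = $check.NotAfter
}
```

The printed thumbprint can be compared with the Thumbprint field on the certificate's Details tab before the file is uploaded into TestRail.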
For SAML Assertion Encryption
- Obtain a public key certificate that matches a private key that's configured in the application.
- The public key should be stored in an X.509 certificate file in .cer format.
- Add the certificate in the encryption tab for the Relying Party Trust.
- In the TestRail SSO settings, enable encrypted assertions.
- Copy the private key obtained in step 1.