Introducing the release of Sonatype Nexus Repository 3.22. Our product teams are excited to announce SAML/SSO authentication for Sonatype Nexus Repository. In addition to SAML/SSO, this release includes proxy support for the Conan native format for both Sonatype Nexus Repository users and users of our free version, Sonatype Nexus Repository OSS. Conan is the decentralized, portable, and extensible package manager for C/C++ projects.
Amidst much anticipation, Sonatype Nexus Repository now provides users the ability to authenticate with Security Assertion Markup Language (SAML) identity providers. Using SAML, users can now experience single sign-on (SSO) when logging into the Sonatype platform. In the reading ahead, we will "pop the hood" on SAML to learn how it works with Sonatype Nexus Repository, what benefits users can gain by setting up the SAML integration, and key highlights for both Sonatype Nexus Repository admins and developers.
To begin, below is a list of what is being delivered for SAML/SSO support in Sonatype Nexus Repository.
SAML Security Realm
SAML IdP Config Page
SAML Service Provider Metadata Endpoint
SAML User Management
SAML Single Sign On Experience
SAML is designed to secure browser-based interactions. SAML is an XML-based, open standard that enables single sign-on (SSO) to web- and cloud-based applications and services. Once the SAML integration is configured, Sonatype Nexus Repository users can use a single set of login credentials to access Sonatype Nexus Repository and other enterprise applications. SAML support in Sonatype Nexus Repository 3.22 is built on the interaction between a SAML service provider (SP), in this case the Sonatype Nexus Repository application, and an identity provider (IdP).
The full list of identity providers supported with Sonatype Nexus Repository appears below in the key highlights section.
In a typical workflow, users will attempt to access the secured Sonatype Nexus Repository application, which directs them to the identity provider to log in. Once the identity provider verifies user identity for authentication, the identity provider then redirects the users back to the secured service provider (Sonatype Nexus Repository application) along with authorization information - an HTTP response with XML-based security information called a SAML assertion. This authorization information can include groups that users are members of. If groups are provided, Sonatype Nexus Repository will match the IdP-provided group names to Sonatype Nexus Repository role names for access to certain user privileges. External group mappings can also be added to provide additional flexibility to handle specific organization taxonomy. Once users are authenticated by the SAML identity provider, Sonatype Nexus Repository will use the regular web session to manage access to the Sonatype Nexus Repository UI.
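The group-to-role matching described above can be sketched as follows. This is an added example, not Sonatype's code: the attribute name `groups`, the role names and the external mapping are hypothetical, and it assumes a SAML library has already validated the assertion's signature and conditions before any attribute is read.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (signature, subject and conditions omitted).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="username">
      <saml:AttributeValue>jdoe</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>nx-developers</saml:AttributeValue>
      <saml:AttributeValue>CN=Build Engineers,OU=Eng</saml:AttributeValue>
      <saml:AttributeValue>hr-portal-users</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Hypothetical role names defined in the repository manager, and a
# hypothetical external mapping for an IdP group whose name differs.
LOCAL_ROLES = {"nx-developers", "nx-release-managers"}
EXTERNAL_MAPPINGS = {"CN=Build Engineers,OU=Eng": "nx-release-managers"}

def attribute_values(assertion_xml, name):
    """Return every AttributeValue of the named SAML attribute."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == name:
            for value in attr.iterfind("saml:AttributeValue", NS):
                values.append((value.text or "").strip())
    return values

def resolve_roles(groups, local_roles, external_mappings):
    """Exact name match first, then external mapping; anything else grants nothing."""
    granted, unmapped = set(), []
    for group in groups:
        if group in local_roles:
            granted.add(group)
        elif external_mappings.get(group) in local_roles:
            granted.add(external_mappings[group])
        else:
            # Unknown groups grant no role; keep them for audit review.
            unmapped.append(group)
    return granted, unmapped
```

Matching is exact and case-sensitive here, so the unmapped list is worth logging: a group that silently maps to nothing is the usual reason a user signs in through the IdP but sees no privileges.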
There have been several Sonatype Nexus Repository customers who have requested SAML/SSO support for the ability to use Single Sign-On rather than LDAP for authentication, or specific customers who might have audit compliance requirements which are easier to meet when all software applications use the same SAML federation. Whether the release of SAML/SSO provides new methods of authentication, supports compliance and policy requirements, or improves overall user experience, customers can now take advantage of these benefits from setting up the SAML integration with Sonatype Nexus Repository.
So, why use the new SAML integration with Sonatype Nexus Repository?
Interoperable standardization across multiple applications (e.g. Jenkins, Jira, JetBrains, etc.)
Consolidation for identity management
Reduced costs of maintaining individual account credentials
Reduced setup time for all internal users
Enhanced security for internal users / ability to authenticate from
Audit compliance requirements
Single Sign-On Experience
More secure logins (e.g. two-factor authentication)
Sonatype Nexus Repository customers also have the benefit of using any of these identity providers for SAML integration.
Auth0
Keycloak
Microsoft AD/ADFS
Okta
OneLogin
PingFederate
For a complete list of Sonatype Nexus Repository 3.22 release details and also any questions you may have, please refer to the items below.
Documentation for Conan Repositories