Introducing the release of Nexus Repository 3.22. Our product teams are excited to announce SAML/SSO authentication for Nexus Repository Pro. In addition to SAML/SSO, this release includes proxy support for Conan native format in both Nexus Repository Pro users and our free version, Nexus Repository OSS. Conan is the decentralized, portable, and extensible package manager for C/C++ projects.
Amidst much anticipation, Nexus Repository Pro now provides users the ability to authenticate with Security Assertion Markup Language (SAML) identity providers. Using SAML, users can now experience single sign-on (SSO) when logging into the Nexus ecosystem. In the reading ahead, we will ‘pop the hood’ on SAML to learn how it works with Nexus Repository Pro, what benefits users can gain setting up the SAML integration, and key highlights for both Nexus Repository admins and developers.
SAML and Nexus Repository Pro
To begin, below is a list of what is being delivered for SAML/SSO support in Nexus Repository Pro. For helpful tutorial information, check out the SAML Quick Start Guide covering step-by-step instructions on how to set up and configure SAML and Single Sign-On functionality in Nexus Repository Pro.
Nexus Repository Admin
- SAML Security Realm
- SAML IdP Config Page
- SAML Service Provider Metadata Endpoint
- SAML User Management
Nexus Repository User
- SAML Single Sign On Experience
SAML is designed to secure browser-based interactions. SAML is an XML-based, open standard that enables single sign-on (SSO) to web- and cloud-based applications and services. Configuring the SAML integration, Nexus Repository Pro users have the ability to use a single set of login credentials to access Nexus Repository and other enterprise applications. The workings of SAML support in Nexus 3.22 illustrates the interaction between a SAML service provider (SP), in this case Nexus Repository Pro application, and an identity provider (IdP).
A full list of Identify Providers supported with Nexus Repository Pro is listed below in the key highlights section.
In a typical workflow, users will attempt to access the secured Nexus Repository application, which directs them to the identity provider to log in. Once the identity provider verifies user identity for authentication, the identity provider then redirects the users back to the secured service provider (Nexus Repository application) along with authorization information - an HTTP response with XML-based security information called a SAML assertion. This authorization information can include groups that users are members of. If groups are provided, Nexus Repository Pro will match the IdP-provided group names to Nexus Repository role names for access to certain user privileges. External group mappings can also be added to provide additional flexibility to handle specific organization taxonomy. Once users are authenticated by the SAML identity provider, Nexus Repository Pro will use the regular web session to manage access to the Nexus Repository UI.
SAML Benefits and Key Highlights
There have been several Nexus Repository Pro customers who have requested SAML/SSO support for the ability to use Single Sign-On rather than LDAP for authentication, or specific customers who might have audit compliance requirements which are easier to meet when all software applications use the same SAML federation. Whether the release of SAML/SSO provides new methods of authentication, supports compliance and policy requirements, or improves overall user experience, customers can now take advantage of these benefits from setting up the SAML integration with Nexus Repository Pro.
So, why use the new SAML integration with Nexus Repository Pro?
Nexus Repository Admin
- Interoperable standardization across multiple applications (i.e. Jenkins, Jira, JetBrains, etc)
- Consolidation for identity management
- Reduced costs of maintaining individual account credentials
- Reduced setup time for all internal users
- Enhanced security for internal users / ability to authenticate from
- Audit compliance requirements
Nexus Repository User
- Single Sign-On Experience
- More secure logins (i.e. two-factor authentication)
Nexus Repository Pro customers also have the benefit of using any of these identity providers for SAML integration.
List of Supported Identity Providers
- Auth0
- Keycloak
- Microsoft AD/ADFS
- Okta
- OneLogin
- PingFederate
Additional Items
For a complete list of Nexus Repository 3.22 release details and also any questions you may have, please refer to the items below.
- Nexus Repository 3.22 full release notes
- Documentation for Conan Repositories
- Documentation for SAML/SSO support
- Customer Education SAML Quick Start Guide
- Nexus community, support, and additional product guides at my.sonatype.com
