Have a question? Want to report an issue? Contact JFrog support

Skip to end of metadata
Go to start of metadata

Overview

From Xray version 1.9 and Artifactory version 5.6, Xray lets you manage user authentication through one of the Artifactory instances it is connected to. This opens up the ability to use the LDAP/Crowd or SAML corporate authentication facilities that Artifactory uses which, in turn, lets you import users and groups defined in the corresponding LDAP/Crowd or SAML authentication server. The Artifactory instance through which you authenticate users is known in Xray as your "Authentication Provider".

This is in addition to the ability to define users in Xray and provide them with login credentials.

Method of Authentication

The method Xray uses to authenticate a user trying to log in depends on whether Xray is configured with an Authentication provider, and if so, the authentication mechanisms configured (LDAP/Crowd or SAML) for that authentication provider as described below.

Order of Attempting Authentication

In any case, Xray will always try authenticate a user with the following order:

  1. SAML
    If a SAML server is  configured for the Artifactory instance set as the authentication provider, the login screen displays an icon letting the user login using SAML. If the user clicks this icon, SAML is used for authentication
  2. Credentials
    If the user logs in using his username and password then Xray will try to authenticate in the following order
    1. Through LDAP/Crowd if configured for the Artifactory instance set as the authentication provider
    2. Through users defined in the Artifactory instance set as the authentication provider
    3. Through users defined internally in Xray 
Page Contents

 


Without an Authentication Provider

If no authentication provider is configured in Xray, only users defined in Xray can log in according to the credentials defined for them within Xray as described under Managing Users.  Clearly, in this case, you can also only specify Permissions for internal Xray users.

With an Authentication Provider

If Xray is configured with an authentication provider then it will try to authenticate a user according to the authentication mechanism configured for the corresponding Artifactory instance. In this case, you can also specify Permissions for users defined in the LDAP/Crowd or SAML server of the Artifactory instance set as the authentication provider, as well as for the authentication provider's internal users.

Using SAML

If the authentication provider uses SAML SSO, then the Xray login screen will display a button that the user can use to log in and will be authenticated against the SAML server configured in the corresponding Artifactory instance. 

Xray Login Screen with SAML

SAML is not compulsory

Even if Xray is configured with an authentication provider that uses SAML, a user can try to login by entering her username and password. In this case, Xray will authenticate the credentials as described in Order of Attempting Authentication.

Using LDAP/Crowd

If the authentication provider uses LDAP/Crowd, then the user will enter login credentials using the Xray login screen, but will be authenticated through the LDAP/Crowd server configured in the corresponding Artifactory instance. If authentication fails, Xray will then try to authenticate the credentials provided as described in Order of Attempting Authentication.

Using LDAP/Crowd and SAML Together

While it is not a typical scenario, an Artifactory instance that has been set as the authentication provider for Xray may be configured with both an LDAP/Crowd and a SAML server. In this case, the Xray login screen will display a button that the user can use to log in and will be authenticated against the SAML server.

If the user prefers to enter login credentials, Xray will try authenticate her through the LDAP/Crowd server configured in the Artifactory instance set as the authentication provider. If authentication fails, Xray will then try to authenticate the credentials as described in Order of Attempting Authentication. 

Configuring an Authentication Provider

You can set any of the Artifactory instances to which Xray is connected as the Authentication Provider.

Selecting an Authentication Provider

To set an authentication provider, in the Admin module, select Security | Authentication.

In the Authentication screen, under Authentication Provider, the Authentication Instance field displays the connected Artifactory instances. Select one of those instances to be the authentication provider.

Configuring an authentication provider

Once the authentication provider is set, Xray will authenticate users logging in as described above.

SAML Auto Redirect

When set, Xray will try to log the user in through SAML. If the user is already logged in through SAML (through the connected Artifactory instance, or any other application), Xray will automatically log him in using the same SAML server for authentication. If the user is not logged in, Xray will display the SAML login screen.

 

 

 

 

  • No labels