Page MenuHomePhabricator
Create Task
Maniphest T336688

Add ApereoCAS as SSO provider for Semgrep Cloud Dashboard
Closed, DeclinedPublic
Actions

Description

Hello SRE -

We'd like to add ApereoCAS as an SSO option to Semgrep's Cloud Dashboard (semgrep.com/login). The Security-Team has purchased their supply chain tool and would prefer being able to auth via an in-house SSO (Apereo or Okta, if Apereo can't work) as opposed to github.com or gitlab.com. Semgrep's Cloud Dashboard currently supports OpenID and SAML 2, and I assume we'd prefer to use the latter? Anyhow, the required fields to add SAML 2 SSO support via their dashboard are: Email domain, IdP SSO URL, IdP Issuer ID and the certificate. Let me know if this works - not sure if we only use Apereo for Wikimedia-managed tools. If so, I can reach out to ITS about using Okta instead.

Event Timeline

sbassett created this task.May 15 2023, 4:57 PM
Restricted Application added a project: Infrastructure-Foundations. · View Herald TranscriptMay 15 2023, 4:57 PM
sbassett renamed this task from Add ApereoCAS as SSO option for Semgrep Cloud Dashboard to Add ApereoCAS as SSO provider for Semgrep Cloud Dashboard.May 15 2023, 4:58 PM
sbassett updated the task description. (Show Details)
Peachey88 subscribed.May 16 2023, 9:46 AM
MoritzMuehlenhoff added a comment.May 19 2023, 1:07 PM

So far we've been only using Apereo CAS for authentication against our self-hosted infrastructure. Given that SemGrep is more along the linesof other SaaS solutions provided to staff I think makes more sense to integrate it into Okta.

sbassett closed this task as Declined.May 19 2023, 2:03 PM
sbassett triaged this task as Low priority.
In T336688#8864603, @MoritzMuehlenhoff wrote:

So far we've been only using Apereo CAS for authentication against our self-hosted infrastructure. Given that SemGrep is more along the linesof other SaaS solutions provided to staff I think makes more sense to integrate it into Okta.

Ok, sounds good.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL