https://sourcegraph.example.com
with your Sourcegraph URL):
Audience
: https://sourcegraph.example.com/.auth/saml/metadataRecipient
: https://sourcegraph.example.com/.auth/saml/acsACS (Consumer) URL Validator
: https://sourcegraph\\.example\\.com\\/\\.auth\\/saml\\/acshttps://sourcegraph.example.com/.auth/saml/acs
)ACS (Consumer) URL
: https://sourcegraph.example.com/.auth/saml/acshttps://mycompany.onelogin.com/saml/metadata/123456
or
https://app.onelogin.com/saml/metadata/123456
. Record this for the next section.externalURL
is set the same Sourcegraph URL you used in the previous section (i.e., what you replaced https://sourcegraph.example.com
with). Be mindful to use the exact same scheme (http
or https
), and there should be no trailing slash.auth.providers
with type
"saml" and identityProviderMetadataURL
set to the
Issuer URL recorded from the previous section. Here is an example:{ // ... "externalURL": "https://sourcegraph.example.com", "auth.providers": [ { "type": "saml", "identityProviderMetadataURL": "<issuer URL>" } ] }
Confirm there are no error messages in the sourcegraph/server
Docker container logs (or the
sourcegraph-frontend
pod logs, if Sourcegraph is deployed to a Kubernetes cluster). The most
likely error message indicating a problem is Error prefetching SAML service provider metadata
. See
SAML troubleshooting for more tips.