0

We are using Artifactory 6.3.3 and trying to implement SSO with SAML via ADFS. The basics work fine, but the group associations don't.

The user can log in, but the group repository permissions aren't used. The SAML logger says that there are (for my test user) 76 groups resolved via SAML, so Artifactory gets the group information, but doesn't seem to use it.

There was another question about this here (Artifactory: SAML SSO group matching not working) that unfortunately doesn't have an answer either and I could not find anything else.

Can anyone provide some more information? What are the logs supposed to look like when it's working? I'm not getting any errors at all. Can anyone give me a hint what I should be looking at to get the whole thing working?

ISK
  • Answer can be found here: https://stackoverflow.com/questions/46439887/artifactory-saml-sso-group-matching-not-working/52634260#52634260 This worked for me too! – ISK Oct 22 '18 at 03:43

2 Answers

0

Which guide are you following?

You need to use Artifactory user plugins.

  1. Set up and enable Artifactory LDAP and LDAP Groups using this solution.

  2. Set up and import LDAP groups. https://www.jfrog.com/confluence/display/RTF/LDAP+Groups

  3. Create permission rules for the LDAP Groups.

  4. Log in to Artifactory using an LDAP user.
Marilee Turscak - MSFT
  • I'm not looking for a simple LDAP sync (that's working fine already) but for the SSO part of it. And this is the guide I was following: https://www.jfrog.com/confluence/display/RTF/Single+Sign-on – ISK Sep 20 '18 at 04:08
  • @isk please have a look at the recently answered https://stackoverflow.com/questions/46439887/artifactory-saml-sso-group-matching-not-working/52634260#52634260 – Gabriel Kohen Oct 03 '18 at 19:21
  • Thank you! This absolutely answered my question – ISK Oct 22 '18 at 03:42
0

I added to https://stackoverflow.com/a/68001069/10386978 that this can be done by the SCIM feature of JFrog.

SAML SSO only synchronizes groups of users for the UI but not for API requests, which contain builds from a developer machine, for example.

For the synchronization via SAML, a group with the exact same name needs to exist.

mazorius
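
A check for the exact-name requirement described in the answer above, as an added example that is not part of the original answers or JFrog's code: it pulls the group values out of a SAML assertion and compares them with the group names defined in Artifactory, separating exact matches from names that differ only in case. The claim type URI, the sample assertion and the group list are constructed assumptions; substitute the attribute your IdP actually sends.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: the IdP sends groups under this claim type; adjust to your setup.
GROUP_ATTR = "http://schemas.xmlsoap.org/claims/Group"

# Constructed sample assertion fragment (not captured from a real IdP).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/claims/Group">
      <saml:AttributeValue>artifactory-readers</saml:AttributeValue>
      <saml:AttributeValue>Artifactory-Deployers</saml:AttributeValue>
      <saml:AttributeValue>Domain Users</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Constructed list of group names defined in Artifactory.
SAMPLE_ARTIFACTORY_GROUPS = ["artifactory-readers", "artifactory-deployers", "readers"]

def asserted_groups(assertion_xml, attr_name=GROUP_ATTR):
    """Return the group values carried by the named SAML attribute."""
    # Only parse assertions you captured yourself; this is a diagnostic, not a validator.
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        if attr.get("Name") == attr_name:
            values += [(v.text or "").strip()
                       for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
    return values

def classify(asserted, local_groups):
    """Split asserted groups into exact matches, case-only near misses and unmatched."""
    local = set(local_groups)
    folded = {g.casefold(): g for g in local_groups}
    report = {"exact": [], "case_only": [], "unmatched": []}
    for name in asserted:
        if name in local:
            report["exact"].append(name)
        elif name.casefold() in folded:
            report["case_only"].append((name, folded[name.casefold()]))
        else:
            report["unmatched"].append(name)
    return report

if __name__ == "__main__":
    print(classify(asserted_groups(SAMPLE_ASSERTION), SAMPLE_ARTIFACTORY_GROUPS))
```

An empty `exact` list alongside many resolved groups corresponds to the symptom in the question: group information arrives, but nothing with the same name exists to attach permissions to.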