# Setup in SonarQube Community Build

This page explains how to set up SAML with Ping Identity in in SonarQube Community Build. This is the second step of SAML authentication setup with Ping Identity. For an overview of the complete setup, see [introduction](https://docs.sonarsource.com/sonarqube-community-build/instance-administration/authentication/saml/ping-identity/introduction "mention").

Proceed as follows:

1. Go to **Administration > Configuration > General Settings > Authentication> SAML**.
2. Select **Create Configuration**.

<figure><img src="broken-reference" alt="Select the Create Configuration button to create a new SonarQube configuration for SAML"><figcaption></figcaption></figure>

3. Fill in the fields as explained in the table below.
   * Some fields must be filled with the values set in the application created in PingOne (or PingFederate) during the setup in Ping Identity (see [setup-in-ping-identity](https://docs.sonarsource.com/sonarqube-community-build/instance-administration/authentication/saml/ping-identity/setup-in-ping-identity "mention")). To retrieve these values, retrieve the application in PingOne as follows: go to **Applications > Applications** and open the application’s detail page.
   * Some fields must be filled with values retrieved from the metadata file downloaded in **Step 2** of [setup-in-ping-identity](https://docs.sonarsource.com/sonarqube-community-build/instance-administration/authentication/saml/ping-identity/setup-in-ping-identity "mention").

<table><thead><tr><th width="224">Field in in SonarQube</th><th>Description</th></tr></thead><tbody><tr><td>Application ID</td><td>In the application’s <strong>Configuration</strong> tab: <strong>Entity ID</strong>.</td></tr><tr><td>Provider ID</td><td>Is retrieved from the downloaded metadata file. See below.</td></tr><tr><td>Provider Name</td><td>Name of the Identity Provider displayed in in SonarQube login page when SAML authentication is active.</td></tr><tr><td>SAML Login URL</td><td>Is retrieved from the downloaded metadata file. See below.</td></tr><tr><td>Identity provider certificate</td><td>Is retrieved from the downloaded metadata file. See below.</td></tr><tr><td>SAML user login attribute</td><td><code>login</code></td></tr><tr><td>SAML user name attribute</td><td><code>name</code></td></tr><tr><td>SAML user email attribute</td><td><code>email</code></td></tr><tr><td>SAML group attribute</td><td><code>group_names</code></td></tr></tbody></table>

<details>

<summary>Retrieving values from the downloaded metadata file</summary>

1. Open the metadata file (`saml2-metadata-idp-<UUID>.xml`) you downloaded in **Step 2** of [setup-in-ping-identity](https://docs.sonarsource.com/sonarqube-community-build/instance-administration/authentication/saml/ping-identity/setup-in-ping-identity "mention"). This file contains your X.509 certificate.
2. Find the `<md:EntityDescriptor...` node and look for the `entityID` attribute. Set this value as your SonarQube Community Build’s **SAML Provider ID**.

<figure><img src="broken-reference" alt="Find the <md:EntityDescriptor... node in Ping Identity&#x27;s metadata file"><figcaption></figcaption></figure>

3. Find the first instance of `<md:SingleSignOnService...` node and look for the `Location` attribute. Set this value as your in SonarQube Community Build’s **SAML Login URL**.

<figure><img src="broken-reference" alt="Find the first instance of <md:SingleSignOnService... node in Ping Identity&#x27;s metadata file"><figcaption></figcaption></figure>

4. Find the `<ds:X509Certificate>` node. Set its contents as the in SonarQube Community Build’s **Identity provider certificate**. Note that end-of-line spaces and new line characters are fine, it does not need to be all on one line of text.

<figure><img src="broken-reference" alt="Find the <ds:X509Certificate> node in the Ping Identity&#x27;s metadata file"><figcaption></figcaption></figure>

</details>

4. Save the configuration.
5. Before enabling SAML authentication on in SonarQube Community Build, you can verify that the configuration is correct by selecting **Test Configuration**. This will initiate a SAML login and return useful information about the SAML response obtained from the identity provider.
6. Select **Enable configuration**.
7. Check that the SonarQube Community Build login form now contains a SAML login button. The text highlighed in the figure below can be configured through the **Provider Name** field of the SAML configuration in SonarQube Server.

<figure><img src="broken-reference" alt="SonarQube Server login form with login button for SAML"><figcaption></figcaption></figure>

## Related pages <a href="#related-pages" id="related-pages"></a>

* [overview](https://docs.sonarsource.com/sonarqube-community-build/instance-administration/authentication/saml/overview "mention")
* [setup-in-ping-identity](https://docs.sonarsource.com/sonarqube-community-build/instance-administration/authentication/saml/ping-identity/setup-in-ping-identity "mention")
* [optional-security-features](https://docs.sonarsource.com/sonarqube-community-build/instance-administration/authentication/saml/ping-identity/optional-security-features "mention")


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sonarsource.com/sonarqube-community-build/instance-administration/authentication/saml/ping-identity/setup-in-sq.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.