Burp Suite Enterprise Edition lets you manage user authentication centrally via SAML-based single sign-on (SSO). Once configured, users will be able to log in using their existing credentials, removing the need to create and manage dedicated user accounts in Burp Suite Enterprise Edition.
To configure SAML SSO, you need to establish a trusted connection between the service provider (Burp Suite Enterprise Edition) and your SAML identity provider. Integration with the following providers has been fully tested:
- Active Directory Federation Services (ADFS)
- Azure Active Directory
Configuring this connection requires you to perform steps both within the Burp Suite Enterprise Edition web UI and in the administration settings for your identity provider. For exact details of how to perform some of these steps, you may need to consult your identity provider's documentation.
You can also integrate SCIM alongside SAML. This means you are able to create, update, and delete users and groups via SCIM, leaving SAML solely for handling authentication. This also provides greater transparency, because it allows you to view key details about your users and groups directly within Burp Suite Enterprise Edition.
Add Burp Suite Enterprise Edition to your trusted applications
The first step is to add Burp Suite Enterprise Edition to your identity provider's list of trusted applications. Please note that this process has various names depending on your identity provider. If you are using Okta or Azure Active Directory, this is known simply as "adding an application". ADFS, however, refers to "adding a relying party trust".
Some identity providers, including Azure AD, will only let you add Burp Suite Enterprise Edition as a trusted application if you have enabled HTTPS on your web server.
For standard deployments of Burp Suite Enterprise Edition, you can do this from the "Network" settings page by selecting the "Enable TLS" option.
For Kubernetes deployments, you need to add an HTTPS listener to the load balancer that Kubernetes controls.
- Log in to Burp Suite Enterprise Edition as an administrator.
- From the settings menu, select "Integrations".
- On the "SAML" tile, click the "Configure" button.
- In the "Relying trust information" section, note that you can copy both the "Relying party trust identifier" and the "Relying party service URL" for Burp Suite Enterprise Edition. Go to the administration settings for your identity provider and use these values to add a new application (or relying party trust) for Burp Suite Enterprise Edition. Please consult your identity provider's documentation for details on how to do this.
Obtain key details from your identity provider
As you will need to enter some details about your identity provider, we recommend gathering this information before you begin the configuration in Burp Suite Enterprise Edition. Exactly where you can find this information will depend on your identity provider, but it should be readily available.
Unfortunately, the terminology used by different identity providers can vary dramatically. Where possible, we have provided some commonly used alternative names for the required information.
You will need to obtain the following:
- The identity provider Entity ID. This is the globally unique name for your identity provider that will be sent as the Issuer value in SAML responses. This is usually a URL. Alternative names include "Federation service identifier" and "Identity provider issuer".
- The identity provider SSO URL. This is the URL to which Burp Suite Enterprise Edition will send users when they choose to log in using SAML.
- The identity provider's token-signing certificate. Burp Suite Enterprise Edition uses this to verify that the SAML response was genuinely issued by the identity provider. This is known by many different names, including several variations of the following:
  - Identity provider (public) certificate
  - SAML certificate
  - Identity provider public key
Enter your identity provider details
Once you have gathered the required details about your identity provider, the next step is to enter this information in Burp Suite Enterprise Edition.
- In Burp Suite Enterprise Edition, navigate to the "SAML" integration settings.
- In the "Company details" section, enter the name of your organization. This will be displayed in the SSO link on the Burp Suite Enterprise Edition login page.
- Under "SAML configuration", select the identity provider to which you want to connect.
- Use the corresponding fields to enter the identity provider information that you obtained earlier.
Additional identity provider configuration
To complete the configuration, you need to perform some additional steps that are specific to your identity provider.
If you are using an identity provider other than those mentioned, you will need to configure how the security groups are sent to Burp Suite Enterprise Edition. The details of this will vary between providers, but here is an example of a group attribute assertion, where the group name is "Scan viewers":
<AttributeStatement><Attribute Name="http://schemas.xmlsoap.org/claims/Group"><AttributeValue>Scan viewers</AttributeValue></Attribute></AttributeStatement>
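The following is an added example, not code from the Burp Suite Enterprise Edition documentation or product. It shows, on the service-provider side, the two checks the sections above describe in prose: that every Issuer element in a SAML response carries the identity provider Entity ID you configured, and how the group names are read out of an AttributeStatement that uses the http://schemas.xmlsoap.org/claims/Group attribute shown above. The entity ID, user and group names in the sample response are constructed placeholders. Verification of the XML signature against the identity provider's token-signing certificate is deliberately not implemented here; that needs an XML Signature library and must succeed before any value from the assertion is trusted.

```python
import xml.etree.ElementTree as ET

# Attribute name used for groups in the page's example assertion.
GROUP_ATTRIBUTE = "http://schemas.xmlsoap.org/claims/Group"

# Constructed sample SAML response (not captured from a real identity provider).
# The entity ID below is a hypothetical placeholder.
SAMPLE_ENTITY_ID = "https://idp.example.com/adfs/services/trust"
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Issuer>{SAMPLE_ENTITY_ID}</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>{SAMPLE_ENTITY_ID}</saml:Issuer>
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="{GROUP_ATTRIBUTE}">
        <saml:AttributeValue>Scan viewers</saml:AttributeValue>
        <saml:AttributeValue>Scan administrators</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="email">
        <saml:AttributeValue>alice@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def _local_name(tag):
    """Strip the namespace from an ElementTree tag, e.g. '{ns}Issuer' -> 'Issuer'."""
    return tag.rsplit("}", 1)[-1]


def _elements_named(root, name):
    """Find elements by local name, so prefixed and unprefixed assertions both work."""
    return [e for e in root.iter() if _local_name(e.tag) == name]


def issuers_in(response_xml):
    """Return the set of distinct Issuer values in the response and its assertions."""
    root = ET.fromstring(response_xml)
    return {e.text.strip() for e in _elements_named(root, "Issuer")
            if e.text and e.text.strip()}


def extract_groups(response_xml, attribute_name=GROUP_ATTRIBUTE):
    """Collect every AttributeValue under an Attribute whose Name is the group attribute."""
    root = ET.fromstring(response_xml)
    groups = []
    for attribute in _elements_named(root, "Attribute"):
        if attribute.get("Name") != attribute_name:
            continue
        for value in _elements_named(attribute, "AttributeValue"):
            if value.text and value.text.strip():
                groups.append(value.text.strip())
    return groups


def validate_response(response_xml, expected_entity_id):
    """Require every Issuer to equal the configured entity ID, then read the groups.

    Signature verification against the token-signing certificate is left out on
    purpose: it needs an XML Signature implementation and must pass before any
    value taken from the assertion is acted upon.
    """
    found = issuers_in(response_xml)
    if found != {expected_entity_id}:
        return {"ok": False,
                "reason": f"issuer mismatch: expected {expected_entity_id!r}, got {sorted(found)}",
                "groups": []}
    return {"ok": True, "reason": "issuer matches", "groups": extract_groups(response_xml)}


if __name__ == "__main__":
    print(validate_response(SAMPLE_RESPONSE, SAMPLE_ENTITY_ID))
    print(validate_response(SAMPLE_RESPONSE, "https://idp.example.org/other"))
```

Matching on local element names rather than on a fixed prefix is what lets the same code handle both the unprefixed fragment quoted above and the namespaced form most identity providers emit. Requiring the set of issuers to equal exactly the configured Entity ID rejects responses where the outer Response and the inner Assertion disagree, as well as responses from an unexpected issuer.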
Configuring single logout
Burp Suite Enterprise Edition also provides optional support for single logout (SLO). When enabled, logging out of Burp Suite Enterprise Edition will automatically log users out of the identity provider as well. This helps prevent users from inadvertently remaining logged in to multiple applications. If you do not enable this option, users will remain logged in to the identity provider even after logging out of Burp Suite Enterprise Edition.
When Burp Suite Enterprise Edition generates a single logout message, it signs it in case the receiving party uses a signature to validate the message.
To configure single logout:
- Generate a self-signed X.509 certificate specifically for single logout.
- In Burp Suite Enterprise Edition, navigate to the "SAML" options.
- Under "Relying trust information", copy the Relying party single logout URL. Leave this page open for now.
- Go to your identity provider's admin panel and edit the SAML settings for your Burp Suite Enterprise Edition integration. Paste the URL from your clipboard into the appropriate field.
- Obtain the Single Logout URL from your identity provider. This is the URL to which Burp Suite Enterprise Edition should redirect users when they log out. This may have a different name depending on your identity provider.
- Back in Burp Suite Enterprise Edition, enable the "Use single logout" option.
- Paste the URL that you obtained from your identity provider into the "Identity provider single logout URL" field.
- Paste your self-signed certificate into the "Service provider certificate" field.
- Paste the private key into the "Service provider private key" field.
Some identity providers, such as Okta, require single logout messages to be signed in order to verify that they came from a trusted source. In this case, you may also need to add the certificate that you generated to your identity provider.