(Optional) Configuring Code Insight to Sign SAML Requests

The following procedure describes how to configure Code Insight (as the Service Provider) to sign all SAML requests sent to the Identity Provider. While this task is optional in configuring Code Insight for SSO, you might need to perform it if your organization’s security policy requires such a signature.

To configure Code Insight to sign SAML requests sent to the Identity Provider, do the following:

  1. Provide the name ID policy required for the SAML-request signatures. Use these steps:

  2. Locate the following file in your Code Insight installation and open it in a text editor: tomcat/webapps/codeinsight/WEB-INF/classes/application-security-common.xml

  3. Add the following bean to the file contents:

    <bean id="samlEntryPoint" class="com.palamida.appsec.web.security.sso.PalamidaSAMLEntryPoint">
      <property name="defaultProfileOptions">
        <bean class="org.springframework.security.saml.websso.WebSSOProfileOptions">
          <property name="nameID" value="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
        </bean>
      </property>
    </bean>

  4. Save the file.

  5. Configure Code Insight to sign all SAML requests. Use these steps:

    1. Locate the following file in your Code Insight installation and open it in a text editor: config\core\security\SPMetadata.xml.
    2. In the file, set the AuthnRequestsSigned property to true.
    3. Save the file.
  6. Restart the Tomcat server to put this entire configuration into effect.
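
A quick way to verify the SPMetadata.xml change before restarting Tomcat, as an added example (not code from Code Insight or its documentation). It assumes SPMetadata.xml is standard SAML 2.0 metadata in which AuthnRequestsSigned is an attribute of the SPSSODescriptor element, and it also checks that a signing-capable KeyDescriptor is published so the Identity Provider can verify the signature. The sample metadata, its entityID and the `check_sp_metadata` name are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample metadata; entityID and certificate are placeholders.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://codeinsight.example.com/sp">
  <md:SPSSODescriptor AuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_text):
    """Return a list of findings; an empty list means both checks passed."""
    root = ET.fromstring(xml_text)
    descriptors = list(root.iter(MD + "SPSSODescriptor"))
    if not descriptors:
        return ["no SPSSODescriptor element found"]
    findings = []
    for sp in descriptors:
        # xs:boolean accepts "true" or "1"; an omitted attribute means false.
        value = sp.get("AuthnRequestsSigned")
        if value is None:
            findings.append("AuthnRequestsSigned is absent (defaults to false)")
        elif value.strip() not in ("true", "1"):
            findings.append("AuthnRequestsSigned is %r, expected true" % value)
        # A KeyDescriptor without 'use' serves both signing and encryption.
        uses = [kd.get("use") for kd in sp.findall(MD + "KeyDescriptor")]
        if not any(use in (None, "signing") for use in uses):
            findings.append("no KeyDescriptor usable for signing")
    return findings


if __name__ == "__main__":
    # Pass the path to SPMetadata.xml; with no argument the sample is checked.
    text = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    problems = check_sp_metadata(text)
    for problem in problems:
        print("FAIL:", problem)
    sys.exit(1 if problems else 0)
```

The script exits with status 0 when both checks pass and prints one FAIL line per finding otherwise.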

Note

Starting in the 2025 R4 release, the above procedure to configure Code Insight (as the Service Provider) to sign all SAML requests is no longer applicable, because signing of all SAML requests can be managed using the saml.signing.enabled property in the core.sso.common.properties file.