
SSO with Cover Reports


Last updated 2 months ago


SSO authentication is only provided by using the OAUTH2 and OIDC protocols and connecting to an external SSO provider.

Currently, the supported providers are:

  • PingIdentity

  • Keycloak

Other providers that use the same protocols are likely to work with similar configuration, but have not been tested by Diffblue.

SSO access control is only provided for the UI and any REST endpoints used by the UI. Access to other REST endpoints, e.g. for upload, is controlled using the internal JWT mechanism.

Prerequisites

  • A server running Cover Reports.

  • An SSO provider.

Authorization Code Grant Type

Cover Reports uses the authorization code grant type flow.

When a user navigates to the Reports UI, they are redirected to the SSO provider which presents a login screen. The user enters their credentials and will be authenticated by the SSO provider. If successful, the user will be redirected back to the Reports home page.

Integrating with an SSO Provider

To integrate Cover Reports with an SSO provider:

  • The SSO provider must be configured with details of Cover Reports

  • Cover Reports must be configured with details of the SSO provider

Configuring the SSO Provider

When a new client is created for Cover Reports in the SSO provider, the following properties must be set:

  • A client secret must be used to authenticate Cover Reports to this new client

  • The authorization code grant type must be used

  • The scope must be openid

Configuring Cover Reports

  • Add oauth2 to the active profile list - this enables SSO in Cover Reports

  • SSO client ID

  • SSO client secret

  • Type of authorization grant; must be authorization_code

  • Scope of user account accessible by Cover Reports; must be openid

  • URL of Cover Reports where the SSO will redirect the user after successful login

  • URL of the SSO provider that Cover Reports will use

The names of most of these properties depend on the SSO provider.

General Properties

| Property | Description | Example value |
| --- | --- | --- |
| spring.profiles.active | Specifies a comma-separated list of profiles | postgres,oauth2 |

PingIdentity Specific Properties

| Property | Description | Example value |
| --- | --- | --- |
| spring.security.oauth2.client.registration.ping.provider | Name of spring.security.oauth2.client.provider | ping-provider |
| spring.security.oauth2.client.registration.ping.client-id | ID of SSO client | diffblue-cover-reports |
| spring.security.oauth2.client.registration.ping.client-secret | Secret of SSO client | some-secret-key |
| spring.security.oauth2.client.registration.ping.authorization-grant-type | Type of authorization grant. Must be authorization_code | authorization_code |
| spring.security.oauth2.client.registration.ping.scope | Scope of user account accessible by Cover Reports. Must be openid | openid |
| spring.security.oauth2.client.registration.ping.redirect-uri | URL of Cover Reports where the SSO will redirect the user after successful login | http://www.example.com:8080/login/oauth2/code/ping |
| spring.security.oauth2.client.provider.ping-provider.issuer-uri | URL of the SSO provider that Cover Reports will use | https://www.example.com:9031 |

Keycloak Specific Properties

| Property | Description | Example value |
| --- | --- | --- |
| spring.security.oauth2.client.registration.keycloak.provider | Name of spring.security.oauth2.client.provider | keycloak-provider |
| spring.security.oauth2.client.registration.keycloak.client-id | ID of SSO client | diffblue-cover-reports |
| spring.security.oauth2.client.registration.keycloak.client-secret | Secret of SSO client | some-secret-key |
| spring.security.oauth2.client.registration.keycloak.authorization-grant-type | Type of authorization grant. Must be authorization_code | authorization_code |
| spring.security.oauth2.client.registration.keycloak.scope | Scope of user account accessible by Cover Reports. Must be openid | openid |
| spring.security.oauth2.client.registration.keycloak.redirect-uri | URL of Cover Reports where the SSO will redirect the user after successful login | http://www.example.com:8080/login/oauth2/code/keycloak |
| spring.security.oauth2.client.provider.keycloak-provider.issuer-uri | URL of the SSO provider that Cover Reports will use | https://www.example.com:9031 |

SSO Profiles

To simplify this configuration, there are pre-configurations (or profiles) supplied in Cover Reports for the supported SSO providers. These provide default values for the required properties.

The profiles are:

  • ping - for the PingIdentity provider

  • keycloak - for the Keycloak provider

Only one of these profiles can be specified at any one time.

To specify the profile, the profile name must be appended to the end of the spring.profiles.active property.

For example, to enable SSO with the PingIdentity provider, the properties could be reduced to:

spring.profiles.active=postgres,oauth2,ping
spring.security.oauth2.client.registration.ping.client-secret=some-secret-key
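
A pre-flight check for the properties described in this section, added here as an example and not part of Diffblue's documentation or code. It parses a properties file and reports a missing oauth2 profile, more than one SSO profile, a missing or placeholder client secret, a wrong grant type or scope, a redirect URI whose path does not end in /login/oauth2/code/<registration>, and an issuer URI that is not https. The function names, the https check and the sample input are assumptions made for this example.

```python
from urllib.parse import urlparse

PREFIX = "spring.security.oauth2.client."
PROVIDER_PROFILES = {"ping", "keycloak"}  # SSO profiles named on this page
REQUIRED = {"authorization-grant-type": "authorization_code", "scope": "openid"}

# Constructed sample: two SSO profiles active, placeholder secret, mismatched redirect URI.
SAMPLE = """\
spring.profiles.active=postgres,oauth2,ping,keycloak
spring.security.oauth2.client.registration.ping.client-secret=some-secret-key
spring.security.oauth2.client.registration.ping.redirect-uri=http://www.example.com:8080/login/oauth2/code/keycloak
"""

def parse_properties(text):
    """Parse simple key=value lines, ignoring blank lines and # comments."""
    pairs = (line.split("=", 1) for line in text.splitlines()
             if "=" in line and not line.lstrip().startswith("#"))
    return {key.strip(): value.strip() for key, value in pairs}

def check_sso_properties(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    props, findings = parse_properties(text), []
    profiles = [p.strip() for p in props.get("spring.profiles.active", "").split(",")]
    if "oauth2" not in profiles:
        findings.append("oauth2 is not in spring.profiles.active, so SSO is not enabled")
    chosen = [p for p in profiles if p in PROVIDER_PROFILES]
    if len(chosen) > 1:
        findings.append("more than one SSO profile is active: " + ",".join(chosen))
    reg_key = PREFIX + "registration."
    reg_ids = {k[len(reg_key):].split(".")[0] for k in props if k.startswith(reg_key)}
    for reg in sorted(reg_ids | set(chosen)):
        base = reg_key + reg + "."
        if props.get(base + "client-secret") in (None, "", "some-secret-key"):
            findings.append(f"{reg}: client-secret is missing or is the documentation placeholder")
        for name, expected in REQUIRED.items():
            value = props.get(base + name)
            # An active SSO profile supplies the default, so only a wrong override is flagged.
            if value != expected and (value is not None or reg not in chosen):
                findings.append(f"{reg}: {name} must be {expected}")
        redirect = props.get(base + "redirect-uri")
        if redirect and not urlparse(redirect).path.endswith("/login/oauth2/code/" + reg):
            findings.append(f"{reg}: redirect-uri path does not end in /login/oauth2/code/{reg}")
        # Assumption: provider names follow this page's examples (ping -> ping-provider).
        provider = props.get(base + "provider", reg + "-provider")
        issuer = props.get(PREFIX + "provider." + provider + ".issuer-uri")
        if issuer and urlparse(issuer).scheme != "https":
            findings.append(f"{reg}: issuer-uri is not an https URL")
    return findings
```
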

Authorization

Authorization is managed by adding roles to users. This must be done within the SSO provider. The roles of each user must be set in the claims of the user details. Cover Reports will retrieve the user details from the SSO provider after a successful login and extract the roles from the claims.

The default name of the claim is cover-reports-roles which should contain a list of all the roles the user has.

This name can be customised by setting the reports.roles.claimNameWithRoles property, but it must align with that set in the SSO provider.

The roles in Cover Reports are:

| Role | Description | Permissions |
| --- | --- | --- |
| USER | A standard user | View all information |
| ADMIN | A privileged user | View all information; delete runs; access the administration page to perform administrative tasks |

The names of these roles can be customised by setting the reports.roles.userName and reports.roles.adminName properties respectively.

Available Properties

| Property | Description | Default value |
| --- | --- | --- |
| reports.roles.claimNameWithRoles | Name of the claim in user details that has a list of roles | cover-reports-roles |
| reports.roles.userName | Name of the standard user role | USER |
| reports.roles.adminName | Name of the administrator role | ADMIN |
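
A diagnostic for the role claim described above, added here as an example and not Cover Reports' own role-mapping code. Given one user's claims as emitted by the SSO provider, it reports whether the roles claim is present, is a list, and contains the configured role names. The function name, the exact (case-sensitive) name matching and the sample user details are assumptions made for this example.

```python
import json

def check_role_claim(user_details, claim_name="cover-reports-roles",
                     user_name="USER", admin_name="ADMIN"):
    """Return (recognised_roles, problems) for one user's decoded claims."""
    known = {user_name, admin_name}
    if claim_name not in user_details:
        present = ", ".join(sorted(user_details)) or "none"
        return [], [f"claim '{claim_name}' is absent; claims present: {present}"]
    value = user_details[claim_name]
    if isinstance(value, str):
        # A single string is not a list of roles; report it rather than guess a delimiter.
        return [], [f"claim '{claim_name}' is a string, expected a list of roles"]
    if not isinstance(value, list):
        return [], [f"claim '{claim_name}' has type {type(value).__name__}, expected a list"]
    recognised = sorted(r for r in value if isinstance(r, str) and r in known)
    problems = []
    for role in value:
        if isinstance(role, str) and role in known:
            continue
        # Assumption: role names are compared exactly, so a case difference is a mismatch.
        near = [k for k in known if isinstance(role, str) and k.lower() == role.lower()]
        if near:
            problems.append(f"role '{role}' differs only in case from '{near[0]}'")
        else:
            problems.append(f"role '{role}' is not a configured Cover Reports role name")
    if not recognised:
        problems.append("no configured role is present for this user")
    return recognised, problems

# Constructed user details, shaped like what a provider might return after login.
SAMPLE_USER_DETAILS = json.loads("""
{"sub": "constructed-user-1", "email": "dev@example.com",
 "cover-reports-roles": ["USER", "admin", "auditor"]}
""")
```

If reports.roles.claimNameWithRoles, reports.roles.userName or reports.roles.adminName have been customised, pass the same values as the keyword arguments.
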

Logout

Currently, there is no logout function in Cover Reports. This reflects the notion that a user with SSO would not want to log out of SSO from Cover Reports.

Cover Reports User Sessions

Cover Reports creates its own user session once a user has authenticated with the SSO provider. The session will remain active while the user interacts with the Cover Reports UI and is ended by inactivity. Note that the SSO provider cannot invalidate an active Cover Reports session.

Uploading to Cover Reports

Uploading information to Cover Reports works in the same way regardless of whether SSO is enabled or not.

User authentication is performed by configuring Diffblue Cover CLI and Cover Reports as documented.

When configuring the SSO provider, note that since the authorization code grant type flow is a standard mechanism, it should be possible to configure any SSO provider in this way. However, each provider has a very different configuration; it is not within the scope of this document to describe it.

A new client must be created in the SSO provider that has the ID: diffblue-cover-reports. This can be changed if necessary by specifying a property in the Cover Reports configuration.

A redirect URL must be set that matches the Cover Reports installation, e.g. http://www.example.com:8080/login/oauth2/code/ping

Once the SSO provider has been configured, there are several properties that must be set in Cover Reports (see how to set properties).