Confluence 7 SAML SSO with Azure AD

Alan Cheng August 21, 2021

Hello everyone,

 

I'm trying to set up SSO with SAML 2.0 on the Confluence DC version, with Azure AD as IdP, but I'm a bit lost at what claims are required for this and what I should use for user mapping.

Any pointers?

 

== edit ==

I tried ${NameID}, but it didn't work. Got errors like below:

 -- referer: https://login.microsoftonline.com/ | url: /plugins/servlet/samlconsumer  traceId: 3c6032fed8d58f2d | userName: anonymous
com.atlassian.plugins.authentication.impl.web.saml.provider.InvalidSamlResponse: Received invalid SAML response: Signature validation failed. SAML Response rejected

Also double-checked with our IdP admins that Azure just signed the assertion part of the response, and the certificate is correct.

3 answers

0 votes
Alan Cheng August 24, 2021

Hi Lokesh,

 

Right, JIT user creation is NOT enabled.

I noticed that setting but thought that, with SSO, all user information should be coming from Azure AD instead of created/stored locally in Confluence DB.

And I remember I saw that option was NOT enabled on another Confluence instance in the company I work for, but SSO still works fine there.

Anyway, I'll double check and enable that option and see what happens.

Thanks again for the responses!

 

Nice doc, by the way!

0 votes
Alan Cheng August 23, 2021

Hi Lokesh,

Thanks for the response!

I verified that the certificate is correct and the IdP just signs the assertion portion of the response.

 

Also, I upgraded the SAML plugin after some debugging, and now I get a different error saying the user <xxx> does not exist.

Lokesh Naktode_miniOrange
Atlassian Partner
August 24, 2021

Hi Alan,

It seems Just in Time user creation is disabled in the SSO app configuration, or the user identifier mapping is wrong (usually username mapped to NameID from the SAML response). Please map the correct attribute (the one that contains the Confluence username in the SAML response) to the username and try again.

If you are using the miniOrange SSO plugin, the docs below will guide you through the mapping, or you can reach out to miniOrange Support for a faster and free end-to-end setup.

https://docs.miniorange.com/documentation/saml/configure-idp/edit-idp-settings/user-profile

0 votes
Lokesh Naktode_miniOrange
Atlassian Partner
August 21, 2021

Hi @Alan Cheng ,

 

invalid SAML response: Signature validation failed. SAML Response rejected

This error means the SAML IdP signing (X.509) certificate in the Confluence --> SAML 2.0 configuration is wrong. Please check the Azure AD SAML metadata for the correct X.509 certificate and update it in the configuration. I hope this will resolve the issue.

You can also take a look at the third-party SAML SSO add-ons available on the Atlassian Marketplace, such as the one from miniOrange, which can provide easy configuration and troubleshooting along with a few more advanced features.

PS:

This is Lokesh, and I work for miniOrange, one of the top vendors on the Atlassian Marketplace.
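As an added triage helper (not code from this thread, from Confluence, from the SAML plugin, or from Azure AD), the script below does the two checks the answers in this thread point at: it compares the SHA-256 fingerprint of the certificate embedded in the response's KeyInfo with the certificate pasted into the SP's SAML configuration (the usual cause of "Signature validation failed"), lists which elements actually carry a Signature (assertion only, or the whole response), and shows what username a mapping such as ${NameID} or a claim name would resolve to (the cause of "user does not exist"). The SAML response, both certificates, the hostname confluence.example.test and the tenant id placeholder are all constructed sample data; claim names follow Azure AD's default naming. It deliberately does not verify the XML signature itself, which needs an XML-DSig library; it only tells you whether the cert you configured is the cert the IdP is using.

```python
"""Added triage helper for a rejected SAML response (constructed example,
not code from Confluence, the SAML plugin, or Azure AD)."""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed stand-in for the DER bytes of the IdP signing certificate.
# In practice this is the base64 blob from the Azure AD federation metadata.
IDP_CERT_DER = b"CONSTRUCTED-IDP-SIGNING-CERT-DER-BYTES"
IDP_CERT_B64 = base64.b64encode(IDP_CERT_DER).decode()
IDP_CERT_PEM = "-----BEGIN CERTIFICATE-----\n" + IDP_CERT_B64 + "\n-----END CERTIFICATE-----\n"
# Second constructed certificate, standing in for a stale copy left in the SP config.
STALE_CERT_PEM = ("-----BEGIN CERTIFICATE-----\n"
                  + base64.b64encode(b"CONSTRUCTED-ROTATED-OUT-CERT").decode()
                  + "\n-----END CERTIFICATE-----\n")

# Constructed SAML response: only the Assertion carries a Signature (the Response
# element does not), matching the setup described in the thread. Hostnames and
# the tenant id are placeholders; claim names follow Azure AD's default naming.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    xmlns:ds="{NS['ds']}" ID="_resp1" Version="2.0"
    Destination="https://confluence.example.test/plugins/servlet/samlconsumer">
  <saml:Issuer>https://sts.windows.net/TENANT-ID-PLACEHOLDER/</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_assert1" Version="2.0">
    <saml:Issuer>https://sts.windows.net/TENANT-ID-PLACEHOLDER/</saml:Issuer>
    <ds:Signature>
      <ds:SignedInfo><ds:Reference URI="#_assert1"/></ds:SignedInfo>
      <ds:SignatureValue>Q09OU1RSVUNURUQ=</ds:SignatureValue>
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{IDP_CERT_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </ds:Signature>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alan@example.test</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
        <saml:AttributeValue>alan@example.test</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.microsoft.com/identity/claims/displayname">
        <saml:AttributeValue>Alan Cheng</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def _local(tag):
    """Strip the namespace from an ElementTree tag: '{ns}Assertion' -> 'Assertion'."""
    return tag.rsplit("}", 1)[-1]


def _fingerprint_b64(cert_b64):
    """SHA-256 fingerprint of a base64 (DER) certificate, whitespace ignored."""
    return hashlib.sha256(base64.b64decode("".join(cert_b64.split()))).hexdigest()


def pem_fingerprint(pem):
    """SHA-256 fingerprint of the certificate pasted into the SP's SAML config."""
    body = "".join(line for line in pem.splitlines() if not line.startswith("-----"))
    return _fingerprint_b64(body)


def summarize(xml_text):
    """Collect what matters for triage: which elements are signed, which cert is
    embedded in KeyInfo, the NameID, and every attribute/claim the IdP sent."""
    root = ET.fromstring(xml_text)
    signed = [_local(e.tag) for e in root.iter() if e.find("ds:Signature", NS) is not None]
    certs = [_fingerprint_b64(c.text) for c in root.iter(f"{{{NS['ds']}}}X509Certificate")]
    nameid = root.find(".//saml:Subject/saml:NameID", NS)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return {
        "signed_elements": signed,
        "cert_fingerprints": certs,
        "nameid": nameid.text if nameid is not None else None,
        "attributes": attrs,
    }


def signing_cert_matches(summary, configured_pem):
    """True when the certificate embedded in the response is the one the SP trusts.
    A mismatch is the usual cause of 'Signature validation failed'."""
    return pem_fingerprint(configured_pem) in summary["cert_fingerprints"]


def resolve_username(summary, mapping):
    """Apply a username mapping: '${NameID}' or the Name of an attribute/claim.
    None means the SP would look up a user the assertion does not identify."""
    if mapping == "${NameID}":
        return summary["nameid"]
    values = summary["attributes"].get(mapping, [])
    return values[0] if values else None


if __name__ == "__main__":
    s = summarize(SAMPLE_RESPONSE)
    print("signed elements:", s["signed_elements"])
    print("configured cert matches:", signing_cert_matches(s, IDP_CERT_PEM))
    print("stale cert matches:", signing_cert_matches(s, STALE_CERT_PEM))
    print("username via ${NameID}:", resolve_username(s, "${NameID}"))
    print("claims available for mapping:", sorted(s["attributes"]))
```

To use it on a real rejection, base64-decode the SAMLResponse parameter captured from the browser (the plugin's debug logging usually prints it as well) and pass the XML to summarize(); if signing_cert_matches() is False against the cert in your Confluence configuration, refresh the certificate from the Azure AD federation metadata. If the cert matches but the user lookup fails, the attributes dictionary shows which claim actually carries the Confluence username, which is what the mapping has to point at when JIT user creation is off.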
