What is the procedure for adding an application (JIRA Data Center) to the IdP (ADFS) to enable SSO?

Deleted user May 22, 2019

I am trying to implement Single Sign On for user authentication for my JIRA application. 

The identity provider in my case is Active Directory Federation Services. I am using the built-in plugin present in JIRA Software Data Center to enable SAML authentication. The links I am referring to in order to accomplish my requirement are:

https://confluence.atlassian.com/enterprise/adding-saml-integration-to-your-existing-user-management-infrastructure-861244976.html#AddingSAMLintegrationtoyourexistingusermanagementinfrastructure-MSADFS

https://confluence.atlassian.com/enterprise/saml-single-sign-on-for-atlassian-data-center-applications-857050705.html

According to these, I am required to add my application to the IdP (mentioned in the screenshot below).

Capture5.PNG

I wish to know the exact process for the same, for ADFS as the IdP.

What information is required by ADFS to add JIRA as the application? And from where can I fetch that?

Usually, for adding other applications to ADFS, a metadata XML fetched from the application itself is submitted to ADFS. Is there a process for procuring the XML (listing the information about the application and the configured Active Directory) in JIRA as well? If yes, how can I procure it?

 

2 answers

1 accepted

0 votes
Answer accepted
Lokesh Naktode_miniOrange
Atlassian Partner
May 23, 2019

Hi @[deleted] 

To integrate JIRA with ADFS for SAML SSO, here are the steps.

1. Add your JIRA instance as a relying party trust in ADFS. You will need JIRA's Assertion Consumer Service URL and Audience URL (Entity ID) to configure the relying party trust in ADFS; these are given at the bottom of the SAML configuration page of JIRA.

2. Configure SSO settings in JIRA. You will find all the required information from the ADFS Metadata URL which is given below.

https://<YOUR ADFS Domain Name>/FederationMetadata/2007-06/FederationMetadata.xml

  • Single sign-on issuer --> entity ID given in the EntityDescriptor tag of metadata
  • Identity provider single sign-on URL --> URL given in the SingleSignOnService tag of metadata
  • X.509 Certificate --> given in the X509Certificate tag of the metadata

The inbuilt SAML SSO is very limited in terms of features. If you are looking for additional features like Single Logout, support for signed SAML requests and encrypted SAML responses, and customized SSO redirection, then you can take a look at the 3rd-party JIRA SAML plugin from miniOrange as well.


Thanks,
Lokesh
P.S. I work for miniOrange, and in case you need any help with the plugin setup, feel free to reach out to us at atlassiansupport@miniorange.com or through our customer portal.
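The field mapping in step 2, as an added example (not part of the original answer and not Atlassian or miniOrange code): it reads the three values from the IdP role of the federation metadata, skipping the service-provider and encryption keys that the same file can carry, and adds a SHA-256 fingerprint to compare with the ADFS team. The function name, host and dummy certificate values are assumptions.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
PROTO = 'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"'
BIND = "urn:oasis:names:tc:SAML:2.0:bindings:"

def key(use, b64):  # builds one constructed KeyDescriptor element
    return (f'<KeyDescriptor use="{use}"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
            f'{b64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>')

# Constructed stand-in for FederationMetadata.xml: placeholder host, dummy
# base64 strings instead of real certificates.
SAMPLE = f"""<EntityDescriptor xmlns="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="http://adfs.example.test/adfs/services/trust">
  <SPSSODescriptor {PROTO}>{key('signing', 'QUFBQQ==')}</SPSSODescriptor>
  <IDPSSODescriptor {PROTO}>
    {key('encryption', 'Q0NDQw==')}
    {key('signing', 'QkJCQg==')}
    <SingleSignOnService Binding="{BIND}HTTP-Redirect"
        Location="https://adfs.example.test/adfs/ls/"/>
    <SingleSignOnService Binding="{BIND}HTTP-POST"
        Location="https://adfs.example.test/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def jira_idp_fields(metadata_xml):
    """Return issuer, SSO URLs per binding and IdP signing certificates."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor" or idp is None:
        raise ValueError("EntityDescriptor/IDPSSODescriptor missing")
    # Only IdP-role keys usable for signing; no "use" attribute means both uses.
    certs = ["".join(c.text.split())
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")
             for c in kd.iterfind(".//ds:X509Certificate", NS)]
    if not certs:
        raise ValueError("IdP role has no signing certificate")
    return {
        "issuer": root.get("entityID"),            # Single sign-on issuer
        "sso_urls": {s.get("Binding").rsplit(":", 1)[-1]: s.get("Location")
                     for s in idp.findall("md:SingleSignOnService", NS)},
        "signing_certs": certs,                    # X.509 Certificate
        "sha256": [hashlib.sha256(base64.b64decode(c)).hexdigest() for c in certs],
    }
```

Fetch the metadata over HTTPS from the ADFS host you expect and confirm the fingerprint with the ADFS team before pasting the certificate into JIRA, since that certificate is what JIRA will trust for every assertion.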

Deleted user May 31, 2019

Hello @Lokesh Naktode_miniOrange 

Can you please help me in knowing whether the given Assertion Consumer Service URL format is correct, or whether it can have different values?

https://<DNS>/plugins/servlet/samlconsumer

 

Capture5.PNG

Regards,

Aayushi

Lokesh Naktode_miniOrange
Atlassian Partner
May 31, 2019

Hi @[deleted] ,

 

This URL is provided by JIRA itself and it is a constant value.

You just need to provide it along with the Audience URL (Entity ID) to your ADFS team so that they can add your JIRA instance as a relying party in ADFS.

Thanks,

Lokesh

Deleted user May 31, 2019

Hello @Lokesh Naktode_miniOrange 

Can you please tell me whether the URL I provided is the correct one?

https://<DNS>/plugins/servlet/samlconsumer

 

Regards,

Aayushi

Lokesh Naktode_miniOrange
Atlassian Partner
May 31, 2019

Hi @[deleted] ,

 

Yup, this is the correct ACS URL, and the Audience URL (Entity ID) will be the base URL of your JIRA DC.

 

Thanks,

Lokesh

Deleted user June 2, 2019

Hello @Lokesh Naktode_miniOrange ,

Thank you for your quick response!

I provided the URLs to the ADFS team, and I made the required changes at JIRA's end as well after receiving the metadata XML.

But when I try to authenticate (after providing my credentials), it leads me to this page (please see the screenshot).

Capture7.PNG

So I am a little confused about why I am getting this error.

Is there a possibility of some misconfiguration at the ADFS team's end?

Or is it possibly because the user credentials I was trying to log in with are not present in the list of users under the User management tab?

Do I need to add this user via Active Directory, and only then will it be able to authenticate using MFA?

Is it mandatory to add this user to any Permission model groups?

Please help me out in resolving these queries.

Regards,

Aayushi

Lokesh Naktode_miniOrange
Atlassian Partner
June 2, 2019

Hi @[deleted] ,

 

Please check the atlassian-jira.log file for more details.

 

Also, it seems the inbuilt SAML does not support on-the-fly user creation, so please try with an existing user account. Also, make sure ADFS is sending the JIRA username of the user in the NameID attribute of the SAML Response.

 

Thanks,

Lokesh
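A diagnostic for the checks named in this thread, as an added example (not from the original posts): it decodes a captured `SAMLResponse` form value and compares its Destination, Audience and NameID with the ACS URL, base URL and existing usernames discussed above. The function name, host and user names are assumptions, the sample response is constructed, and the script reads fields only and does not verify the signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, unsigned response with a hypothetical host and user, base64-
# encoded the way the HTTP-POST binding carries it in the SAMLResponse field.
SAMPLE_RESPONSE = base64.b64encode(b"""<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://jira.example.test/plugins/servlet/samlconsumer">
  <saml:Assertion>
    <saml:Subject><saml:NameID>EXAMPLE\\jdoe</saml:NameID></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://jira.example.test</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>""").decode()

def diagnose(saml_response_b64, base_url, jira_usernames):
    """Return a list of mismatches between the response and the JIRA setup."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    base = base_url.rstrip("/")
    acs = base + "/plugins/servlet/samlconsumer"   # ACS URL format from the thread
    name_id = (root.findtext(".//a:Subject/a:NameID", default="",
                             namespaces=NS) or "").strip()
    audiences = [(a.text or "").strip().rstrip("/")
                 for a in root.iterfind(".//a:Audience", NS)]
    problems = []
    if root.get("Destination") != acs:
        problems.append(f"Destination {root.get('Destination')!r} is not {acs!r}")
    if base not in audiences:
        problems.append(f"Audience {audiences!r} does not contain {base!r}")
    if not name_id:
        problems.append("no NameID in the assertion")
    elif name_id not in jira_usernames:
        # No on-the-fly creation: NameID must match an existing JIRA username.
        problems.append(f"NameID {name_id!r} is not an existing JIRA username")
    return problems

if __name__ == "__main__":
    for line in diagnose(SAMPLE_RESPONSE, "https://jira.example.test", {"jdoe"}):
        print(line)
```

With the constructed sample, the only finding is the NameID, which arrives as `EXAMPLE\jdoe` while the JIRA username is `jdoe`.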

0 votes
Sid
Rising Star
May 23, 2019

Hi @[deleted] ,

Which version of JIRA are you using?

Try here: {base url}/plugins/servlet/authentication-config

and configure how users log in here.

Deleted user May 23, 2019

Hi @Sid ,

I am using v.8.1.0 (JIRA Software for Data Center).

Yes, I am trying the same method for configuring how users log in. It requires me to fill in some fields giving information about the IdP. But these fields are provided by the IdP itself once the application is added at its end.

Capture6.PNG

I wish to know the process of adding the Service Provider (JIRA) to the Identity Provider (ADFS) so that it can provide the details I am required to fill in, as shown in the screenshot above.

What information from the application needs to be added to ADFS? And how can I procure it from the JIRA application?

Regards,

Aayushi
