Hi @Firas hammami ,
You should be able to add a parameter to your url.
The URL to display the login page is: <BASE_URL>/login.jsp?auth_fallback but the admin needs to enable authentication fallback first.
If you mean bypassing login as in anonymous..that's something completly different.
You need a plugin on Jira side:
Please consider trying our app EasySSO for Jira – we offer 5 authenticators, including SAML, HTTP Headers and X.509 – any of these 3 could be used to achieve what you are after.
Our support is 24x7 - please don't hesitate to reach out with the specifics of your reverse proxy and ask questions.
Thank you for your respense, about EasySSO, I have tried it, but the problem is that it force me to use it's own parametres and URL, so in my case I can not make the same configuration as the webserver, have you any idea how to use my own parametres?
I suspect you meant that you have to configure your SAML IdP to talk to EasySSO via SAML effectively additionally to what you already have configured for your webserver/reverse proxy.
This is correct, as I said if you want to use SAML (with any SAML app not just EasySSO) you will have to integrate the app with your IdP, and effectively there will be two authentication requests to the IdP when a user attempts to login - one from the webserver, the other one from Jira.
This is why I said that technically you don't need SAML on the webserver, as both authentications are not related to each other, they simply take advantage of the fact that once logged in with IdP, the user won't have to re-enter credentials again.
In this case the webserver may still "be userful" e.g. apply some logic of letting the user access Jira or not at all based on their identity, effectively a firewall.
If you don't want to configure your IdP to talk to EasySSO, then you need to configure your proxy to talk to it using something else but SAML. While SAML is a standard, making your proxy to talk to EasySSO via HTTP Headers is something much less standard. One would need to know more details about your proxy etc.
Please don't post these here for security reason – instead proceed to our 24x7 support portal
Thank you, the problem is that in our company we must make any authentication in the webserver level, I don't have choice, that's why I want to skeep the Jira login since the user is already authenticated, I was thinking about forcing EasySSO to accept the same configuration that put in the webserver
So if you have both webserver AND jira integrated with your SAML IdP via SAML – you will still be making the authentication at the webserver level as per your company requirements.
Please run the solution by your Security Team. I can't see them rejecting it since it's actually MORE secure than what you have now (SAML on webserver but then still a login page on Jira).
You can't force "the same configuration" on two different consumers (Service Providers) - this would be a security hole.
Hello all! What have you learned from your customers lately? Our live-streamed series continues by exploring CX, UX, and the power of research & insights at scale with Leisa Reichelt, Head of R...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events