Disable JIRA Login page with Seraph SSO

I am working on a custom SSO authenticator for my JIRA instance.

I have the login part working great. The problem I have now is that I need to completely hide the Login page. All login needs to go through my SSO provider.

As it sits right now, if a user logs in through SSO but doesn't exist in JIRA it shows them the login screen. The way I need it to work is that if the SSO service logs them in but they don't exist in JIRA, that they are kicked back to the SSO login page, or at least shown an error page instead of the login page.

How can I do this without hacking up the login.xml file?

1 answer

1 accepted

3 votes
Accepted answer
Timothy Chin Community Champion May 18, 2014

I did not know that there is a login.xml. You will have to modify instead the seraph-config.xml. Chagne the login.url, link.login.url and logout.url params

Thanks for your response. I have already done this. I have set all three of these to point to my SSO. In my custom plugin I return "null" if the user should not be allowed to login. Instead what happens is the user is shown the "Login" page if I Return "null".

What else can I do to make sure the users never see the JIRA login page?

Timothy Chin Community Champion May 20, 2014

Disable the login gadget in jpm.xml?

Thanks for this suggestion! This seems to have gotten me most of the way there. At least now when a user gets to my page and doesn't have access, they won't see the login gadget. I plan to update my Seraph plugin to delete the JIRA auth cookies so they are forced back out if they are not authorized to be in the system.

As a final note to everyone - Timothy's suggestion to remove the login gadget in jpm.xml is a great way to prevent people from logging in via the web page when using SSO. I still haven't been able to get the system to automatically kick the user out if they're not logged in, but this is an issue specific to my SSO solution and JIRA instance.

Hi DJX. I'm looking for a way to use Seraph for SSO on JIRA Core, since I'm not a developer, I'm not sure which way to go - could you please share how you implemented the custom authenticator? This is where I get lost:

https://docs.atlassian.com/atlassian-seraph/latest/sso.html

Thanks in advance.

@Bianca Borges - There are a few plugins out on the market that handle some common authenticators. At the time, I was working with one that did not have a plugin. I wrote this post to document some of my findings: https://www.jarvispowered.com/single-sign-on-to-jira-with-siteminder/

@DJX thanks for sharing!

Hi @DJX

My issue also similar case please find the below description, snap shot and let me know your inputs, please.

I am working on custom Google SSO authenticator for my JIRA & WIKI instance (Vendor AppFusions).

Google SSO for JIRA

Google SSO for Atlassian Confluence

https://www.appfusions.com/display/GAPPSAUTHJ/Home

I have the login part working great. The problem I have now is that I need to completely hide the Login page. All login needs to go through my SSO provider. i.e., all the users must “sign in with Google” so I want to disable the login page username and password fields. When I access my JIRA and Confluence URL then we need to click on “sign in with Google” to login my applications.WIKi JIRA.PNG

Regards,

Andy

This won't help in redirecting, but simply changing Jira/Confluence to use external user management will disable the ability to use "forgot password" and a bunch of other useful SSO specific functionality

 

https://confluence.atlassian.com/doc/disabling-the-built-in-user-management-138741.html

Suggest an answer

Log in or Sign up to answer
Community showcase
Published yesterday in Agile

Are you a Jira Service Desk agent? We want to talk to you!

Are you a whiz at handling tickets and looking at how you can further optimize your workflow with automation? Do you tackle detailed customer support questions while simultaneously getting flooded wi...

40 views 0 2
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you