It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Disable JIRA Login page with Seraph SSO

I am working on a custom SSO authenticator for my JIRA instance.

I have the login part working great. The problem I have now is that I need to completely hide the Login page. All login needs to go through my SSO provider.

As it sits right now, if a user logs in through SSO but doesn't exist in JIRA it shows them the login screen. The way I need it to work is that if the SSO service logs them in but they don't exist in JIRA, that they are kicked back to the SSO login page, or at least shown an error page instead of the login page.

How can I do this without hacking up the login.xml file?

2 answers

1 accepted

3 votes
Answer accepted
Timothy Chin Community Leader May 18, 2014

I did not know that there is a login.xml. You will have to modify instead the seraph-config.xml. Chagne the login.url, link.login.url and logout.url params

Thanks for your response. I have already done this. I have set all three of these to point to my SSO. In my custom plugin I return "null" if the user should not be allowed to login. Instead what happens is the user is shown the "Login" page if I Return "null".

What else can I do to make sure the users never see the JIRA login page?

Timothy Chin Community Leader May 20, 2014

Disable the login gadget in jpm.xml?

Thanks for this suggestion! This seems to have gotten me most of the way there. At least now when a user gets to my page and doesn't have access, they won't see the login gadget. I plan to update my Seraph plugin to delete the JIRA auth cookies so they are forced back out if they are not authorized to be in the system.

As a final note to everyone - Timothy's suggestion to remove the login gadget in jpm.xml is a great way to prevent people from logging in via the web page when using SSO. I still haven't been able to get the system to automatically kick the user out if they're not logged in, but this is an issue specific to my SSO solution and JIRA instance.

Hi DJX. I'm looking for a way to use Seraph for SSO on JIRA Core, since I'm not a developer, I'm not sure which way to go - could you please share how you implemented the custom authenticator? This is where I get lost:

https://docs.atlassian.com/atlassian-seraph/latest/sso.html

Thanks in advance.

@Bianca Borges - There are a few plugins out on the market that handle some common authenticators. At the time, I was working with one that did not have a plugin. I wrote this post to document some of my findings: https://www.jarvispowered.com/single-sign-on-to-jira-with-siteminder/

@DJX thanks for sharing!

Hi @DJX

My issue also similar case please find the below description, snap shot and let me know your inputs, please.

I am working on custom Google SSO authenticator for my JIRA & WIKI instance (Vendor AppFusions).

Google SSO for JIRA

Google SSO for Atlassian Confluence

https://www.appfusions.com/display/GAPPSAUTHJ/Home

I have the login part working great. The problem I have now is that I need to completely hide the Login page. All login needs to go through my SSO provider. i.e., all the users must “sign in with Google” so I want to disable the login page username and password fields. When I access my JIRA and Confluence URL then we need to click on “sign in with Google” to login my applications.WIKi JIRA.PNG

Regards,

Andy

This won't help in redirecting, but simply changing Jira/Confluence to use external user management will disable the ability to use "forgot password" and a bunch of other useful SSO specific functionality

 

https://confluence.atlassian.com/doc/disabling-the-built-in-user-management-138741.html

Hi

If we remove the login gadget how do we login as local admin?

Thanks

I think it's not possible to have both options at the same time. Personally, I have a a production / dev config file. When I need to do maintenance I shut JIRA down, swap the config files, and then login with the admin account.

Like 1 person likes this

Hi DJX

Yes i thought that was the case. Thanks for confirmation 

Suggest an answer

Log in or Sign up to answer
This widget could not be displayed.
This widget could not be displayed.
Community showcase
Posted 7 hours ago in Industry Groups

Upcoming Team Tour Government Symposium in Washington D.C.

Calling all Community members from the Washington D.C. area! Atlassian’s Team Tour is heading to your city to host a Government Symposium on May 1st. Join our team and other government agencies to le...

12 views 0 1
View post

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you