Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How to generate XML metadata file for SAML SSO 2.0 configuration ?

Trying to implement SAML SSO 2.0 on Jira DC 8.5 / Confluence DC 7.4, my IDP asks me for a XML metadata file that contains a X509 certificate used to decrypt or confirm the signing, they can't register Jira/Confluence in their tool without this metadata file.

The only information I have for them are the 2 URLs "Assertion Consumer Service URL" and "Audience URL (Entity ID)" shown in SSO 2.0 configuration panel.

How do I generate such a metadata file ?

1 answer

Hi Eddy,

 

this Question is slightly word in the Atlassian Access area (since that is a Cloud Service).

However, going to your Question about metadata on SAML for DC - the SAML that Atlassian Datacenter supports out of the box does not generate any metadata. 
So you would have to do this setup manually on your IdP and not via metadata

Just for reference here are the Atlassian Docs about configuring SAML: https://confluence.atlassian.com/enterprise/saml-single-sign-on-for-atlassian-data-center-applications-857050705.html

However to my knowledge Authentication request, signing/encryption is also not supported by Atlassian. So if this is a requirement, then you can't use the basic SAML integration form DC.

In that case (or if you need a setup via metadata), you'll have to consider a 3rd Party Plugin like ours: https://marketplace.atlassian.com/search?query=saml%20resolution%20gmbh 
Our plugins are the most installed & best rated one's in the Atlassian Marketplace - beside many other additional features we also fully support:

- Setup via metadata (both ways)
- Signed authentication requests.
- Encrypted authentication requests.

If that's a consideration then let me know which Identity Provider you are trying to integrate with - for many we do have step-by-step guide on our documentation (https://wiki.resolution.de/doc/saml-sso/latest/jira/setup-guides-for-saml-sso). Or you just book a free Screenshare with us & we help you do the setup via https://resolution.de/go/calendly

Cheers,
Chris

P.S. Full disclosure, I work for resolution, a marketplace vendor.

Thanks Chris for your answer.

Finally, my IDP accepted my homemade xml metadata file (built with an online tool available at https://www.samltool.com/sp_metadata.php), just containing both URLs provided by Jira, the X509 certificate was optional.

So no need for an additional plugin on my side, sorry for your company and good news for mine :)

Regards 

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Atlassian Access

We're launching improved navigation for admins

Hi Atlassian Community, My name is Avni Barman and I am a Product Manager on the Atlassian Access team! One of my top priorities is to help make the administrator's life easier through improved pro...

923 views 1 10
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you