
Configure Bitbucket (Data Center) with an Identity Provider using OIDC/SAML

Pradhan V
February 17, 2024

We need to configure a self-hosted (Data Center) instance of Bitbucket with an Identity Provider (IdP) called FusionAuth (https://fusionauth.io/).

We prefer to use OpenID Connect (OIDC); if OIDC is not feasible, the other option is Security Assertion Markup Language (SAML).

  1. Are OIDC and SAML features supported for both the Cloud and the Data Center (self-hosted) versions of Bitbucket?
  2. Is an Atlassian Access subscription required to use OIDC/SAML in the Data Center (self-hosted) version of Bitbucket?
  3. Are OIDC and SAML supported by Bitbucket (Data Center) natively, or does a plugin like Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket (https://marketplace.atlassian.com/apps/1213019/k-sso-saml-kerberos-openid-oidc-oauth-for-bitbucket) need to be used?
  4. What are the other recommendations/limitations/restrictions for using OIDC/SAML in the Data Center (self-hosted) version of Bitbucket?

Please share the documentation to set up OIDC/SAML for the Data Center (self-hosted) version of Bitbucket, and any other documentation related to the OIDC/SAML setup for the Data Center (self-hosted) version of Bitbucket.

The following documentation was referred to, but for the above requirement we need expert recommendations/suggestions.

1 answer

2 votes
Ashwini_More _miniOrange February 20, 2024

@Pradhan V ,

here are some points you can refer to.

1. The OIDC Support is not yet available in Atlassian Access which offers SSO for cloud. However generic configuration support with few configurations is available. It may be possible that FusionAuth isn't supporting the generic configuration, and you may have to check it with the FusionAuth team. Also, native SSO support isn't available for all Bitbucket versions. Please check if your Bitbucket version supports native SSO.

2. Atlassian Access isn't required for the Datacenter version. You can check out Native Offering or the Marketplace apps from here.

3. You can use the Marketplace apps as well. I would like to suggest miniOrange's SSO app. It supports custom OIDC/SAML integrations as part of their offering, which will be helpful to configure with FusionAuth. You can check out the apps from the Marketplace:

SAML SSO App: https://marketplace.atlassian.com/apps/1216482/mo-bitbucket-saml-sso-single-sign-on-bitbucket-sso-login?hosting=datacenter&tab=overview

OIDC SSO App: https://marketplace.atlassian.com/apps/1219173/mo-oauth-openid-connect-oidc-for-bitbucket-sso?hosting=datacenter&tab=overview

4. The restrictions/recommendations are based on the use case you want to achieve. Please consult the experts for the same. We at miniOrange provide guidance/demos for our apps to suit your business case. You can raise a support request here for assistance.

Here are a few documents you can refer to in order to set up the miniOrange SSO apps:

Setup SAML SSO with Bitbucket

Setup OIDC SSO with Bitbucket

PS: I work at miniOrange, one of the Top SSO vendors in Atlassian Marketplace.

Pradhan V
February 20, 2024

Thank you, @Ashwini_More _miniOrange .

1. The OIDC Support is not yet available in Atlassian Access which offers SSO for cloud. However generic configuration support with few configurations is available.

Could you please elaborate on "generic configuration support with few configurations is available"? Is it generic configuration for OIDC or SAML? Is there any documentation regarding the details of what is available and what is not available?

 

2. Atlassian Access isn't required for the Datacenter version.

Is an Atlassian Access subscription mandatory to use OIDC/SAML in the Bitbucket Cloud offering?

3. Does Bitbucket Cloud have native support for SAML?

Please share the documentation for native SAML support with Bitbucket Cloud, and then we would be able to evaluate whether it fits with FusionAuth. If it doesn't, we may have to explore an SSO offering from a vendor like miniOrange. Can miniOrange be self-hosted in case there are strict data residency requirements?

Ashwini_More _miniOrange February 21, 2024

@Pradhan V

Here are the answers you are looking for:

1. In Atlassian Access, only SAML support is available, without JIT provisioning. Multiple features of JIT provisioning and security-related features such as signing requests and encryption requests are not available in Atlassian Access. You can find the documentation on the Atlassian site for the same.

2. Yes, the Atlassian Access subscription is required for the Bitbucket Cloud offering.

3. Currently, no such documentation is available on Atlassian for connecting Bitbucket Cloud with FusionAuth. For miniOrange offerings, I suggest you raise a request to us from here for more details.
