We're currently looking into upgrading to Confluence Data Center to get SAML auth so we can use our SSO provider for 2FA. One area of concern is how the REST API may be impacted since we have automated processes using service accounts to access the app. Can anyone confirm if the REST API still functions behind SAML auth?
The docs make no mention of an oauth endpoint like JIRA offers. Also came across CONFSERVER-54412 which states it's a known issue, but no ETA when or if it'll be implemented.
The REST API will still function just fine behind SAML without having to add OAuth or other measures to your calls. Basic auth on the API URLs will bypass SAML.
We do have this documented on the configuration page (see screenshot) but you're right that this isn't obvious from the documentation online, and that is different from Jira! Here's the SAML configuration page within Confluence Data Center:
Thank you for pointing this out so we can clear up the confusion. And you should be good to go with your existing API calls once you make the jump to Data Center.
Daniel | Atlassian Support
this may be too old now for you to benefit - however it may still be worth someone who stumbles across this topic.
The REST API continues to work like normal behind SAML. However, in many installations the problem is that the Users (especially if they are provisioned by a SAML Plugin) don't have any passwords anymore in the actual Atlassian Application.
Or sometimes even if they still have, you may not want your Jira/Confluence accessible via a simple password if you go through the 2FA length on your IdP. A common solution to that, that many cloud services/applications implement are API Keys/Tokens/App specific passwords.
We have released a 3rd party App that implements the API Token Concept in Confluence & Jira.
It's available for both Server & Data-Center. It also has some additional security features (blocking normal basic auth, IP address restrictions, etc) that some people may find interesting.
P.S. Full disclosure, I work for resolution, a marketplace vendor.
Hey there, folks! For most of us, the past six months- yes, you read that right- have been a journey. More people than ever before have pivoted to working remotely, and navigating being on-scre...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events