
Confluence Data Center REST API with SAML Auth

We're currently looking into upgrading to Confluence Data Center to get SAML auth so we can use our SSO provider for 2FA. One area of concern is how the REST API may be impacted since we have automated processes using service accounts to access the app. Can anyone confirm if the REST API still functions behind SAML auth?

The docs make no mention of an OAuth endpoint like JIRA offers. Also came across CONFSERVER-54412, which states it's a known issue, but no ETA on when or if it'll be implemented.

2 answers

1 accepted

2 votes
Answer accepted
Daniel Eads Atlassian Team Mar 14, 2019

Hey Doug,

The REST API will still function just fine behind SAML without having to add OAuth or other measures to your calls. Basic auth on the API URLs will bypass SAML.

We do have this documented on the configuration page (see screenshot) but you're right that this isn't obvious from the documentation online, and that is different from Jira! Here's the SAML configuration page within Confluence Data Center:

[Screenshot: SAML_Authentication.png]

Thank you for pointing this out so we can clear up the confusion. And you should be good to go with your existing API calls once you make the jump to Data Center.

Cheers,
Daniel | Atlassian Support

Hi Doug,

This may be too old now for you to benefit; however, it may still be worthwhile for someone who stumbles across this topic.

The REST API continues to work like normal behind SAML. However, in many installations the problem is that the Users (especially if they are provisioned by a SAML Plugin) don't have any passwords anymore in the actual Atlassian Application.
Or sometimes, even if they still have one, you may not want your Jira/Confluence accessible via a simple password if you go to the lengths of 2FA on your IdP. A common solution to that, which many cloud services/applications implement, is API keys/tokens/app-specific passwords.

We have released a 3rd party App that implements the API Token Concept in Confluence & Jira.

It's available for both Server & Data-Center. It also has some additional security features (blocking normal basic auth, IP address restrictions, etc) that some people may find interesting.

Cheers,
Chris

P.S. Full disclosure, I work for resolution, a marketplace vendor.
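
Both answers turn on the same behaviour: with SAML enabled, a REST call carrying Basic credentials is still answered on the password alone. The following is an added example, not code from the thread or from Atlassian, for checking that on your own instance per service account. The endpoint path `/rest/api/user/current`, the label names and the helper names are assumptions of this example, and it assumes anonymous access is disabled so that a JSON 200 means the credentials were honoured.

```python
import base64
import urllib.error
import urllib.request

# Assumed endpoint (not named in the thread): returns the calling user as JSON.
WHOAMI = "/rest/api/user/current"

def basic_auth_request(base_url, user, password, path=WHOAMI):
    """Build a REST request that carries HTTP Basic credentials."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(base_url.rstrip("/") + path)
    req.add_header("Authorization", "Basic " + token)
    req.add_header("Accept", "application/json")
    return req

def classify(status, headers):
    """Label how the server treated the call (labels are this example's own)."""
    ctype = {k.lower(): v for k, v in headers.items()}.get("content-type", "")
    if status in (301, 302, 303, 307, 308):
        return "redirected-to-login"      # SSO flow enforced on this URL
    if status in (401, 403):
        return "rejected"                 # credentials not accepted for REST
    if status == 200 and ctype.startswith("application/json"):
        return "basic-auth-accepted"      # password alone reached the API
    if status == 200 and ctype.startswith("text/html"):
        return "html-page"                # likely a login form, not API data
    return "unknown"

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None                       # surface 3xx instead of following it

def probe(req, timeout=10):
    """Send the request to your own instance and classify the answer."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(req, timeout=timeout) as resp:
            return classify(resp.status, dict(resp.headers.items()))
    except urllib.error.HTTPError as err:
        return classify(err.code, dict(err.headers.items()))

def password_only_accounts(results):
    """From {account: label}, list accounts reachable without the IdP's 2FA."""
    return sorted(a for a, label in results.items() if label == "basic-auth-accepted")
```

Call `probe(basic_auth_request(...))` for each service account after the SAML cutover; any account returned by `password_only_accounts` is still usable with a password alone and is a candidate for a token scheme or IP restriction.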
