Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

SAML SSO in Confluence data-center with Crowd as IdP


Good afternoon. I'm a bit at a loss with the SAML SSO setup in Confluense Data Center edition.
I follow the instructions (https://confluence.atlassian.com/conf67/saml-sso-for-confluence-data-center-945103413.html), in Confluense go to General Configuration> SAML Authentication. I enable SSO, fill in the fields with settings from CrowD, which acts as the IdP for SSO.
In crowd I have configured the directory to which our LDAP is connected, where all users (and we use it as SSO for google, so it's work)
I make an application in crowd and choose the GENERIC type, because I want to use crowd only as an SSO. in the application on SSO page I set up there settings from the confluence settings in the section with SAML Configuration, (id and URL) - and Vice versa from the crowd I set up in the confluence ID, url, and certificate.
On this page, aplication\sso - I have an error- "the directory mappings in your test_confluence application is different than the one set up in Crowd. The SSO might not work properly when the directory mappings are different. We suggest that you go to Directors & groups to check the mappings on Crowd side", the essence of which I also do not fully understand. In our crowd there are only 2 directories, just in case I added both to the application - error is not lost.
I also found instructions for configuring SSO 2.0 - https://confluence.atlassian.com/crowd/crowd-sso-2-0-967322291.html#:~:text=Crowd's%20SSO%202.0%20allows%20you,with%20one%20common%20login%20page.&text=Once%20you%20configure%20SSO%202.0,Server%20and%20Data%20Center%20applications.
For Jira, everything looks native, all the actions that I did are works - and the SSO is configured, in the instructions for confluence (exactly for the type of application in crowd - confluence) - https://confluence.atlassian.com/crowd/integrating-crowd-with-atlassian-confluence-198573.html you need to create groups, edit the config, it all looks very strange, why does it not work through the SSO settings in General Configuration> SAML Authentication and the SSO settings of the application in Crowd?
Although in this manual - https://confluence.atlassian.com/conf67/saml-sso-for-confluence-data-center-945103413.html the configuration for confluence looks as simple as for Jira in the link to configure SSO 2.0
In General, I am decently confused, perhaps you can somehow Orient me?

1 answer

0 votes
Daniel Eads Atlassian Team Sep 17, 2020

Hi again!

My suggestion for your setup would be to use SSO 2.0 in Crowd. This is a SAML setup. These are the documents that walk through the setup and configuration:

  1. First, Crowd: Crowd SSO 2.0 
  2. Then, Confluence: SAML SSO for Confluence Data Center (the "set up your identity provider" section can be skipped, since you will already have Crowd set up as a SAML provider)

I see you've had a look at both of these documents already. Is knowing which ones to follow enough to help out? I'm happy to answer more questions - but hoping knowing which documents to follow in which order is a good start.

Cheers,
Daniel

Hi there! Thanks for the answer!

During this time, I figured out our question.

I was just a little confused by the fact that I had to add users to the directory of crowd application directly.

I imagined a model similar to our g-suite. Where users log in to google are redirected to the crowd page where a separate application for google is configured, to which LDAP is linked. But a similar relationship that I wanted to implement - the user enters confluence, redirects it to crowd, where the existence of the user in the directory of a separate application is checked-did not work. It worked when I added directory users from LDAP directly to application crowd. Maybe I configured something wrong, but the guide directly says that users should be in the application crowd (default app) inside the crowd. Perhaps you can tell me whether it is possible to organize this connection through a separate application (initially, we did not want users to be able to log in to our crowd as a weekly application, they have no rights to anything there, but still)

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
SERVER
TAGS
Community showcase
Published in Confluence

Announcing Team Calendars in Confluence Data Center

Hi Community! We're thrilled to share that Team Calendars for Confluence is now a built-in feature for Confluence Data Center releases 7.11 and beyond.  A long time favorite,  Team Cale...

177 views 0 6
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you