We do have an Identity & Access Management System in place. This directory is basically the only directory which has all users (we're a production company and quite a few of our users do not need an Active Directory account). The IAM directory is not LDAP enabled.
1) We do want to be able to show all user information in Confluence (address book), also from the ones without an AD account (they still have a phone number and need to be able to call each other). We're also using the information to build the org chart in Confluence then.
2) We do want to create the user directory completely from IAM via either daily import or API
3) We do want to create the group mapping manually from the IAM system (people are ordering spaces via IAM and the system then creates the groups and memberships itself)
4) This now is the tricky part: even though the users have been created manually, we do want to have them authenticated via SAML2.0 & SSO (we use SecureAuth).
Summary: We do not want to attach a directory for user management, but we want the users to be authenticated using SAML2.0 / SecureAuth device.
How should this be done? (I know this is not how the rest of the world does it; anyhow, this is the approach we have to take.)
Code, and quite a lot of it. I'd strongly recommend using one of the SAML add-ons from the marketplace instead of trying to re-invent this wheel, and I think you'll need another add-on to draw in the user profiles.
Agree with Nic Brough. We use and recommend SAMLSSO for Confluence by resolution, but it assumes that your users are already available to Confluence from somewhere. From their documentation:
SAML is currently supported for authentication only. That means the userid must be known in the Jira/Confluence instance, either as a locally configured user or coming from an external user directory
Confluence is going to have to know about the users somehow; even if there were a "do it all" SAML plugin, it would still need to create the users in Confluence's database. The User Directory API for Confluence plugin might help you out on that front, but I've never used it and can't comment on how it works.
Best of luck!
Here's an update.
We use SecureAuth for authentication together with the SAML SSO plugin. Works like a charm.
We are using the SOAP interface (I know it is deprecated, but user provisioning is not yet available in the REST API); we also create the groups via SOAP (as well as user/group membership). All of it is managed via IAM; we are also on the way to having the space order process in the IAM system (it creates the space, the read group, the write group) together with a yearly renewal process (in order to get rid of unused / outdated spaces).
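Because SAML in this setup covers authentication only, the local accounts and group memberships in Confluence have to be kept in line with IAM by the provisioning job. The following is an added example, not part of the original post: a sketch of the reconciliation step a daily import could run before it issues its provisioning calls. The export columns, sample users and group names are constructed, and matching user IDs in lowercase is an assumption.

```python
import csv
import io

# Constructed sample IAM export (hypothetical columns, not from the thread).
IAM_EXPORT = """userid,groups,active
jdoe,space-ops-read;space-ops-write,yes
MMuster,space-ops-read,yes
kold,space-ops-read,no
"""

# Constructed snapshot of local Confluence users and their groups.
CONFLUENCE_USERS = {
    "jdoe": {"space-ops-read"},
    "kold": {"space-ops-read"},
    "tmpadmin": {"confluence-administrators"},
}


def load_iam(text):
    """Parse the export into {userid: (active, set_of_groups)}."""
    users = {}
    for row in csv.DictReader(io.StringIO(text)):
        uid = row["userid"].strip().lower()  # assumption: IDs are matched in lowercase
        groups = {g for g in row["groups"].split(";") if g}
        users[uid] = (row["active"] == "yes", groups)
    return users


def plan(iam, confluence):
    """Return the changes needed so Confluence matches IAM."""
    # Only groups that IAM knows about are ever removed; others are left alone.
    managed = set().union(*(groups for _, groups in iam.values()))
    out = {"create": [], "deactivate": [], "add": [], "remove": [], "unmanaged": []}
    for uid, (active, groups) in sorted(iam.items()):
        have = confluence.get(uid)
        if not active:
            if have is not None:
                out["deactivate"].append(uid)  # left IAM but still has a local account
            continue
        if have is None:
            out["create"].append(uid)  # SAML login fails until this account exists
            have = set()
        out["add"] += [(uid, g) for g in sorted(groups - have)]
        out["remove"] += [(uid, g) for g in sorted((have & managed) - groups)]
    # Local accounts IAM has never heard of: review these by hand.
    out["unmanaged"] = sorted(set(confluence) - set(iam))
    return out


if __name__ == "__main__":
    for action, items in plan(load_iam(IAM_EXPORT), CONFLUENCE_USERS).items():
        print(action, items)
```

The "unmanaged" list is the one to review regularly, since those accounts exist in Confluence outside the IAM process.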
I work with Kantega Single Sign-on. We have add-ons for all the Atlassian products except for Crowd and Hipchat.
We offer Kerberos and SAML in combination or separately, and support on-the-fly user creation. Users can be added to default groups upon sign-up.
JIRA mobile and service desk are also supported. There is no need for file system changes, making upgrades very smooth!
We are always happy to help. Email us at SSO@kantega.no