SAML SSO Support?

Kyle Gauthier December 21, 2011

Hello - We have an application that is the identity provider for a SAML solution. Can/will confluence be setup to be the service provider for a SAML setup?

I understand Crowds is the SSO solution for the different Atlassian products. Perhaps Crowds supports a general SAML request?

Thank you - Kyle

15 answers

1 accepted

7 votes
Answer accepted
Roger Schmidt May 19, 2012

Hello

This is also a hot topic for us and maybe for other customers too!?

Is there any out-of-box solution for SAML 2.0 support (in Confluence or Crowd) or do we have to implement a custom authenticator?

Thanks,
Roger

Christian Reichert (resolution)
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 21, 2014

Hi Roger,

Quite a while since you asked that Question. Our sister company has just published a plugin on the Marketplace which implements SAML 2.0 for Jira & Conflence (tested with Microsoft ADFS).

They had to use an implementation of a custom authenticor to get this done. Before deciding to implement we obviously looked at the existing and found nothing sensible for us which worked well enough with both Confluence & Jira.

We've also been running it internally for the last couple of months flawless.

The plugin can be found https://marketplace.atlassian.com/plugins/com.resolution.atlasplugins.samlsso

If you tested it & consider purchasing, let me know as I can organize a 50% promo code.

4 votes
David at David Simpson Apps
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
July 14, 2013

I've previously integrated Confluence with SAML when I used Confluence as the identity provider for a SAML SSO plugin -- you can find out more details in the post "Concur Single Sign-On plugin for Confluence using SAML".

What you're after is really the converse of that. It could be achieved with a custom authenticator - perhaps in a manner similar to AppFusions' Google Apps Authenticator for Confluence. Here's my video demo showing the Google Apps authenticator in action.

Contact me direct if you wish to know any further details.

2 votes
Ellen Feaheny [AppFusions]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
August 7, 2012

What is the app? AppFusions can help you.

We have a Google Apps Authenticator for Confluence, and I *think* it was with SAML that we did this.

I need to double check with engineering on this one.

ANyways, contact us if you would like to discuss.

Best,

Ellen

info@appfusions.com

2 votes
Daniel Borcherding
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
August 7, 2012

Hello,

Unfortunately the roadmap for Crowd, Jira and Confluence do not include support for SAML. It is an often requested feature that we are not going to include in our product line. https://jira.atlassian.com/browse/CWD-1822 is the feature request page where developers have commented on the issue. You can see that it has been resolved as "Won't Fix."

We have a number of experts that would be happy to help you with a custom solution. It appears as if there may already be a third party that is providing a SAML Identity Provider. Your best bet would be to contact them to see if their solution is right for your needs

Neil Timmerman August 29, 2012

I was surprised to read this. Why not?

Is SAML not an open standard and do you not believe this will prevent large enterprises from adopting your solution? I would think this is in your product lines best interests.

I'm not wild about the idea of working with another vendor to implement their custom SAML solution for your product. That would unnecessarily complicate upgrades and support. My expectation is for any vendor that expects to be taken seriously as an Enterprise solution to offer easy, well-tested ways to federate identity.

I am a current customer of Confluence but only with a 25-seat on premise license used within IT for technical documentation. I was considering Confluence for a much larger rollout firm wide but this basically ends that consideration. It is simply not practical for my IT Dept to manage thousands of accounts seperately.

Neil Timmerman August 29, 2012

Also, the Jira issue you are linking to goes a page that says the project was deleted.

Ryan Goodwin
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 25, 2013

Here is the link to the cwd project stating that we will not be implementing SAML.

https://jira.atlassian.com/browse/CWD-1822

If this is a necessary feature, please contact one of our experts who will be better able to assist with this.

0 votes
Prakhar Srivastav August 18, 2016

Hi All,

Please check my article on this. It might help you as I have tried to provide a complete solution.

http://thetechrecipes.com/index.php/2016/08/11/saml-integration-with-jira-and-other-java-web-app/

Regards

Prakhar

0 votes
Prakhar Srivastav August 18, 2016

Hi All,

Please check my article on this. It might help you as I have tried to provide a complete solution.

http://thetechrecipes.com/index.php/2016/08/11/saml-integration-with-jira-and-other-java-web-app/

Regards

Prakhar

0 votes
Irfan Hussain March 21, 2016

Hi, any steps or link where i can find proper process to implement this.

0 votes
Christian Reichert (resolution)
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 11, 2014

Great to hear that it is working beautifully for you; As for Bamboo & Stash, one of you developers is looking into that at the moment - however their authentication system is different, so I'd be lying if I would give you any concrete timeline at the moment. But be assured that you are by far not the only one who has requested this, so it's high up on our list.

0 votes
Baskar September 9, 2014

HI Christian Reichert, I have used SAML single sign on plugin for Trial versions JIRA as well as Confluence. It is working beautifully. The SAML idp that i used - SimpleSAMLPhp. I am eager to know when this plugin is going to support for Bamboo & Stash. It is kind of urgent to me. Apart from SAML SSO plugin, do we have any solution to achieve SAML 2.0 based SSO with atlassian products.

0 votes
Christian Reichert (resolution)
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 23, 2014

Hi Randall,

not sure if you wanna take my word for it - it is worth testing, if you are using an environment as above (Jira or Confluence and MSADFS). Setup

0 out of 0 just means no one has rated this yet - which is not too uncommon with Plugins published only about a month ago (most people are still using their eval licenses right now, a few even purchased outright).

Feedback from the people who are evaluating it at the moment, is generally it works. We actually got confirmation that it also works with a variety of other IdPs (other than ADFS). We are just pulling their configs together to document setup of other IdPs & a compatibility list).

Most of the conversation with the evaluators is actually around new feature request, most common is to support others of the Atlassian Applications (i.e. Bamboo, ...), which we are prioritizing based on their wishes.

I hope that gives you a bit more comfort, that it might be worth your time ...

CC

0 votes
Randall Fisher
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 23, 2014

I'd like to get some feedback on anyone using this solution.
Maybe its too soon, but 0 out of 0 stars is not encouraging enough to give this a test.

0 votes
Christian Reichert (resolution)
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 21, 2014

Quite a while since you asked that Question. Our sister company has just published a plugin on the Marketplace which implements SAML 2.0 for Jira & Conflence (tested with Microsoft ADFS).

We've also been running it internally for the last couple of months flawless.

The plugin can be found https://marketplace.atlassian.com/plugins/com.resolution.atlasplugins.samlsso

If you tested it & consider purchasing, let me know as I can organize a 50% promo code.

0 votes
Jean de Laulanié
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 16, 2013

Hi Yves,

thanks for your reply.

I will give it go.

Cheers.

0 votes
Yves Martin
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
June 12, 2013

Hello,

I have successfully configure OIOSAML with JIRA: https://svn.softwareborsen.dk/oiosaml.java/sp/trunk/docs/index.html

NameID is available from request.getRemoteUser() which is properly caught by the authenticator.

With a small patch in SPFilter, I have allowed REST and SOAP APIs and also the login screen even without SAML assertion available in session.

Hope this help

Jean de Laulanié
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 14, 2013

Hi Yves,

can you confirm which version of JIRA did you manage to configure with OIOSAML?

I am facing the same issue and is currently investigating your solution.

Cheers.

Yves Martin
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 16, 2013

Hello Jean,

I use OIOSAML.J 9918 http://digitaliser.dk/group/42063/resources because it has passed some kind of certification.

In a first release, I had to exclude a large set of paths in SPFilter code and add conditions if opensynphony authentication were used... and finally got troubles with many features like "Attach screenshot" for instance, Firefox got a corrupted jar file !

I have just deployed another implementation where SPFilter is invoked from Seraph Authenticator only (so no longer declared in web.xml), still with path exclusions for SOAP and REST API typically, and now I wait for users' feedback but I think it will be OK.

srinivasp
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
August 20, 2015

Hello Martin, I want to configure SSO for JIRA using SAML2.0. Could you please provide more information?

Yves Martin
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
August 20, 2015

I propose you deploy this new plugin (not at all related to my own work done with OIOSAML) https://marketplace.atlassian.com/plugins/com.bitium.jira.SAML2PluginJira

0 votes
Aiping Zhang June 27, 2012

Hi,

We are also interested in using SAML and more specifically using ADFS for JIRA authentication.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events