
Enabling SAML in Atlassian Labs Data Center Weaver

NB: Weaver is not supported by Atlassian. The information in this article is provided as is.

To enable SAML in Weaver:

  1. Enter your SAML metadata URL in the template. If Weaver has already been deployed, spin down to 0 and back up to 1 node to create a new node with the SAML configuration.
  2. Edit /home/weaver/atl-labs-dc-weaver/weaver/saml_auth/permissions.json on the node to add your groups and configure their permissions. This file is provided as an example only; you can use any group name in your directory.

 

When configuring SAML with your Identity Provider (IdP), the following attributes need to be set:

User.Email
User.firstName
User.lastName

Example SAML response for a user:

<Attribute Name="User.Email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <AttributeValue>you@your_company.com</AttributeValue>
</Attribute>

 

For the groups, memberOf needs to be set.

Example SAML response for a group:

<Attribute Name="memberOf" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <AttributeValue>my_group1</AttributeValue>
    <AttributeValue>my_group2</AttributeValue>
</Attribute>

 

The SAML response should also contain the following:

setSubjectName = my_username 
setHttpDestination = https://my_node.my_company.com/saml/acs/
setAudience = https://my_node.my_company.com/
setRecipient = https://my_node.my_company.com/saml/acs/
