Enabling SAML in Atlassian Labs Data Center Weaver

NB: Weaver is not supported by Atlassian. The information in this article is provided as is.

To enable SAML in Weaver:

1. Enter your SAML metadata URL in the template. If Weaver has already been deployed, spin down to 0 and and back up to 1 node to create a new node with the SAML configuration.
2. Edit /home/weaver/atl-labs-dc-weaver/weaver/saml_auth/permissions.json on the node to add your groups, and configure their permissions. This file is provided as an example only - you can use any groupname in your directory.

When configuring SAML with your Identity Provider (IDP) the following attributes need to be set:

User.Email
User.firstName
User.lastName

Example SAML response for a user:

<Attribute Name="User.Email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <AttributeValue>you@your_company.com</AttributeValue>
</Attribute>

For the groups, memberOf needs to be set.

Example SAML response for a group:

<Attribute Name="memberOf" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <AttributeValue>my_group1</AttributeValue>
    <AttributeValue>my_group2</AttributeValue>
</Attribute>

The SAML response should also contain the following:

setSubjectName = my_username 
setHttpDestination = https://my_node.my_company.com/saml/acs/
setAudience = https://my_node.my_company.com/
setRecipient = https://my_node.my_company.com/saml/acs/