Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

SSO Solution Edited

Hey, community! I require your help.

I need to realize the work of SSO for JSD. I want to make it possible for my users to log in to the portal without entering their username and password. The accounts of the users are stored in AD. As far as I know, SSO for JSD is not supported, only through third-party apps (SSO integration with JIRA Service Desk – JSDSERVER-630).

Can you tell me if there is a solution for this case? But without purchasing a third-party application.

Users must access the JSD portal without entering their username and password, and without purchasing a third-party app.

Maybe there are some free apps that you can suggest to me to solve this case.

2 answers

1 accepted

0 votes
Answer accepted

@Thomas Crown You'll need an app for this.  There is currently no way to do SSO for Jira / JSD Server without an app.

Clients ask that question a lot and I always recommend this app because it just works and it's easy to configure.

Good luck!

@Trevan Householder I didn't learn the topic very well, but what do you say about it:

Writing a custom authenticator

Jira and Confluence integrate with SSO system Seraph, the Atlassian authentication library. Seraph is a very simple, pluggable J2EE web application security framework developed by Atlassian and used in our products.

Seraph allows you to write custom authenticators that will accept the login credentials of your existing single sign-on system.

A few tips for writing your own custom authenticator for Confluence:

  • For Confluence 2.2 and above you must extend com.atlassian.confluence.user.ConfluenceAuthenticator instead of the Seraph DefaultAuthenticator.
  • The authenticator should not be a plugin. It should be placed in the class path by putting it in WEB-INF/classes or as a jar in WEB-INF/lib
  • The authenticator should have a public constructor that takes no arguments.
  • Dependency injection via setters or auto-wiring by name is not available to authenticators. Use ContainerManager.getInstance(...) instead.
  • The authenticators are constructed before beans are available via ContainerManager.getInstance(...), so the getInstance method needs to be called at runtime and not in the constructor.

These same restrictions apply for JIRA as well, except that:

  • The base class to use is com.atlassian.jira.security.login.JiraSeraphAuthenticator
  • Components are obtained with ComponentAccessor.getComponent(...).

Check out these examples:

There has been a discussion of integrating with Siteminder on the mailing list that may be applied to Jira integration. All third-party code must be treated with caution - always backup your Confluence instance before use. If you create a custom SSO plugin and would like to contribute it to the user community, please let us know on a support ticket. You can also browse the Seraph Discussion Forums.

Is it worth digging into this subject or will it be useless?

That is essentially "how to write your own 3rd party application".  If you're willing to do that just to avoid using someone else's app, then yes, it's a good place to start.

It would be worth weighing up the reasons for not wanting a 3rd party app - if it's purely cost for example, then you are probably going to find it more expensive to employ a team to write and support this than it is to buy a 3rd party app.

Like Trevan Householder likes this

Thanks for your clarification. I was hoping that such a solution as SSO will be available to JSD for free or will be integrated into the product.

There are too many ways to do SSO at the moment, it's not (economically) possible to code for everything as part of the core product.

Atlassian have done what everyone else has done - built in as much as they can that is standard, and then relied on the vendors of SSO products to do the rest.  (Although, yes, I would totally agree if you were to say that they've done the absolute minimum to enable it)

The machine I use for work currently has almost 30 ways to identify me to various organisations, and most of them provide SSO as an adjunct.

SSO is not a single thing you can just do.  Every way to do it depends on your service providers.

The market is still in a huge state of flux.  Some providers are (or were) emerging as the leaders in the field, but then Google announces that they're killing off most of the methods they use in the world's most popular browser, and so there's more turmoil.

There's no way to "integrate SSO into the product" until the world has settled on a single standard way to do it.  I'm middle-aged, but close to "old".  But I don't expect this to be done in my lifetime unless the AIs take over.

Time will tell.

You may want to look at Atlassian Crowd. It is from Atlassian, so its not a third party product. Though it is a separate product and license.

It is their "enterprise" solution for single sign on across multiple Atlassian Applications. It has more integration possibilities. 

Thank you! It's a sad thing that Crowd is chargeable. It looked to me that such a simple solution as SSO will be available for JSD.

Crowd works great, but you'll need to know that JSD customers added to Crowd consume a Crowd license (not a JSD license, but a Crowd license). 

https://community.atlassian.com/t5/Crowd-questions/JSD-customers-are-counted-for-crowd-licensing-during-SSO/qaq-p/805133

https://jira.atlassian.com/browse/CWD-4116?_ga=2.234719194.590685323.1597185092-1551811082.1597088881

For this reason, some companies use Okta so they don't have to pay for Crowd licenses for Customers.

@Trevan Householdercould you give me a quick link to Okta? Is it an app or something else?

@Thomas Crown Okta isn't an Atlassian product but it's a popular tool for SSO:

https://www.okta.com/products/single-sign-on/

Even with Okta you will still need a plugin like I mentioned above to connect Okta to Jira (and another plugin to connect confluence).

@Trevan Householder, thank you very much for the consultation.

Like Trevan Householder likes this

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Jira Service Management

Why upgrade to Jira Service Management Premium?

We often have questions from folks using Jira Service Management about the benefits to using Premium. Check out this video to learn how you can unlock even more value in our Premium plan.  &nb...

196 views 1 6
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you