Hey, community! I require your help.
I need to realize the work of SSO for JSD. I want to make it possible for my users to log in to the portal without entering their username and password. The accounts of the users are stored in AD. As far as I know, SSO for JSD is not supported, only through third-party apps (SSO integration with JIRA Service Desk – JSDSERVER-630).
Can you tell me if there is a solution for this case? But without purchasing a third-party application.
Users must access the JSD portal without entering their username and password, and without purchasing a third-party app.
Maybe there are some free apps that you can suggest to me to solve this case.
@Trevan Householder I didn't learn the topic very well, but what do you say about it:
Writing a custom authenticator
Jira and Confluence integrate with SSO system Seraph, the Atlassian authentication library. Seraph is a very simple, pluggable J2EE web application security framework developed by Atlassian and used in our products.
Seraph allows you to write custom authenticators that will accept the login credentials of your existing single sign-on system.
A few tips for writing your own custom authenticator for Confluence:
- For Confluence 2.2 and above you must extend
com.atlassian.confluence.user.ConfluenceAuthenticatorinstead of the Seraph
- The authenticator should not be a plugin. It should be placed in the class path by putting it in
WEB-INF/classesor as a jar in
- The authenticator should have a public constructor that takes no arguments.
- Dependency injection via setters or auto-wiring by name is not available to authenticators. Use
- The authenticators are constructed before beans are available via
ContainerManager.getInstance(...), so the
getInstancemethod needs to be called at runtime and not in the constructor.
These same restrictions apply for JIRA as well, except that:
- The base class to use is
- Components are obtained with
Check out these examples:
- CAS for Confluence, contributed by Carl Harris at Virginia Tech.
- CAS for JIRA, contributed by Carl Harris at Virginia Tech.
- Siteminder for Confluence, contributed by Ricardo Sueiras
There has been a discussion of integrating with Siteminder on the mailing list that may be applied to Jira integration. All third-party code must be treated with caution - always backup your Confluence instance before use. If you create a custom SSO plugin and would like to contribute it to the user community, please let us know on a support ticket. You can also browse the Seraph Discussion Forums.
Is it worth digging into this subject or will it be useless?
That is essentially "how to write your own 3rd party application". If you're willing to do that just to avoid using someone else's app, then yes, it's a good place to start.
It would be worth weighing up the reasons for not wanting a 3rd party app - if it's purely cost for example, then you are probably going to find it more expensive to employ a team to write and support this than it is to buy a 3rd party app.
There are too many ways to do SSO at the moment, it's not (economically) possible to code for everything as part of the core product.
Atlassian have done what everyone else has done - built in as much as they can that is standard, and then relied on the vendors of SSO products to do the rest. (Although, yes, I would totally agree if you were to say that they've done the absolute minimum to enable it)
The machine I use for work currently has almost 30 ways to identify me to various organisations, and most of them provide SSO as an adjunct.
SSO is not a single thing you can just do. Every way to do it depends on your service providers.
The market is still in a huge state of flux. Some providers are (or were) emerging as the leaders in the field, but then Google announces that they're killing off most of the methods they use in the world's most popular browser, and so there's more turmoil.
There's no way to "integrate SSO into the product" until the world has settled on a single standard way to do it. I'm middle-aged, but close to "old". But I don't expect this to be done in my lifetime unless the AIs take over.
You may want to look at Atlassian Crowd. It is from Atlassian, so its not a third party product. Though it is a separate product and license.
It is their "enterprise" solution for single sign on across multiple Atlassian Applications. It has more integration possibilities.
Crowd works great, but you'll need to know that JSD customers added to Crowd consume a Crowd license (not a JSD license, but a Crowd license).
For this reason, some companies use Okta so they don't have to pay for Crowd licenses for Customers.
We often have questions from folks using Jira Service Management about the benefits to using Premium. Check out this video to learn how you can unlock even more value in our Premium plan. &nb...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events