Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,364,839
Community Members
 
Community Events
168
Community Groups

Single Sign On & Single Sign Off using SAML/OIDC plugins on multiple Atlassian tools transparently

Edited

Hi All,

In a scenario where JIRA and Confluence share an Identity Provider, if a user has logged in via SSO in Confluence... it should be automatically recognised as that user in JIRA
Without any single manual step, eg click on login again on JIRA. 

In the same scenario where the user is not logged in using SSO, user should have the ability to view the public projects/spaces and sign in via SSO.

 

Second case is that if the user logs out *anywhere* (that is, Keycloak,JIRA, Confluence or anywhere else that uses the federated login) then it should be logged out in all the federated applications

 

Please share your experiences in achieving the above using plugins without any custom coding. Thanks for your time, much appreciated.

 

Regards

Fayaz

2 comments

We have the same problem. A number of plugins allow for automatic and "transparent" login but only if no anonymous access is required. If we have to enable anonymous access to some content (ie without requiring login) then JIRA doesn't know that the user has logged in in the Identity Provider and already been recognized by Confluence at this point.

Has anyone managed to crack this problem. This scenario seems to work fine with mod_auth_openidc, for example.

Daneil

OK just some of my own input on the issue.

Apache's mod_auth_openidc does offer a solution to this problem by using iframes, which of course only works with OpenID Connect (what the module implements)

https://github.com/zmartzone/mod_auth_openidc/wiki/OpenID-Connect-Session-Management

I would guess that any solution for SAML would have to work on the same principles. Do we know if any of the plugins available implements this kind of "Session Management"?

Cheers

Daniel

Comment

Log in or Sign up to comment