How to integrate Jira with my company's SSO

In my company, we have a SSO system for web applications.

Now I want to integrate Jira with this system and I have some questions:

1. How can I configure or do some development to make Jira redirect login request to the SSO system?

2. After user login, the SSO system will redirect to Jira with user info. How can I make Jira log user in with these info?

I searched some article saying 'serpha' could help? I am not sure.

Please help to give solution to this problem.

Thanks & Regards,

Yaoyu

4 answers

1 accepted

This widget could not be displayed.

Hi,

Close. "Seraph", not serpha :)

This is an Atlassian library which JIRA (and other Atlassian products) use to authenticate users - http://docs.atlassian.com/atlassian-seraph/latest/

You may take a look at this documentation on how to write custom seraph authenticator: http://docs.atlassian.com/atlassian-seraph/latest/sso.html

There a nice page describing how this works in ... Confluence (but it should be similar in JIRA too): https://developer.atlassian.com/display/CONFDEV/HTTP+authentication+with+Seraph

I recommend taking a look at the source code of the current implementations used by JIRA: com.atlassian.jira.security.login.SSOSeraphAuthenticator and com.atlassian.crowd.integration.seraph.v25.CrowdAuthenticator

You should also take a look at http://confluence.atlassian.com/display/DEV/Single+Sign-on+Integration+with+JIRA+and+Confluence

answers.atlassian.com has a dedicated label for serpah-related questions - https://answers.atlassian.com/tags/seraph/ - but there are not yet many entries there.

Hi Seliga,

Very helpful information.

Thanks very much

Yaoyu

Hi Seliga,

Now Jira is integrated with my company's SSO. thanks very much for your information.

Now I encounter a new problem. System can log user in system and work, but from Administration page, all users login details are not recorded.

Could you please help to advise how can I record the user login detail using API?

Thanks in advance.

Regards,

Yaoyu

Hey,

Login attempts are recorded through com.atlassian.jira.security.login.LoginManager (e.g. onLoginAttempt() method) which uses com.atlassian.jira.security.login.LoginStore. LoginManager is used by com.atlassian.jira.security.login.JiraElevatedSecurityGuard which is configured normally in seraph-config.xml.

Although I've not worked on this piece of code, I think you could call LoginManager or LoginStore methods from your filter directly or use similar elevatedsecurityguard as the one used by default.

I hope it helps.

Cheers,

Wojtek

Hi wojtek,

The code works for recording the login information.

Thanks very much.

Regards,

Yaoyu

Hi Wojciech,

I'm really thankful for your answer, but the web pages seem to be really outdated. For example the http://docs.atlassian.com/atlassian-seraph/latest/sso.html.

The DefaultAuthenticator in Jira 5.2 needs to implement other Methods so I got stuck with that.

What I try to achive is login via specific http header and thats it.
I'm using Jira behind a corperate Firewall and its also used as reverse proxy. So usaly the request to Jira go first to the apache server and he does the authentification. Next the request gets forwarded with http header information and in my case its trusted. So I dont need to login again.

Is this possible with Jira?

Hi, Seliga,

I'm also trying to integrate JIRA with our company's SSO. The approach and documentaions you provided are using Java, but the technolog we're using is .Net C#.  Do you have any suggestions or documenations for integrating JIRA with our company's SSO with .NET C# technology.  

Thank you,

Zee Xia

This widget could not be displayed.

I've added seraph tag to your question.

This widget could not be displayed.

Indeed it seems that the "latest" info at http://docs.atlassian.com/atlassian-seraph/latest/sso.html is completely out of date.

Does any body have a link to build instructions for a custom Seraph authenticator? I have some basic code that I want to test, but can't get past the Maven unresolved deps problem:

[ERROR] Failed to execute goal on project dmajsso: Could not resolve dependencies for project uk.co.dma:dmajsso:jar:0.2-SNAPSHOT: The following artifacts could not be resolved: opensymphony:webwork:jar:1.4-atlassian-22, webwork:pell-multipart-request:jar:1.31.0, osworkflow:osworkflow:jar:2.8.1, opensymphony:propertyset:jar:1.5 .....

(and more lines)

Example pom.xml for a custom Seraph authenticator would be great ....

Hi dan,
After a while I figured it out by mayself. Please see Stack Overflowhttp://stackoverflow.com/questions/16273566/jira-5-2-seraph-sso-login-behind-reverse-proxy

Hope that it will help you.

Cheers, Tobias

Hello All,

I also want to integrate JIRA with company's SSO. I am using Jira version 4.4.4. I have a couple of questions.

1. Does the seraph support Jira 4.4.4v?

2. Searph by default is in Java. Is it available in ASP.net/C#? We are not working on Java.

Any help is appreciated.

Thanks in advance.

This widget could not be displayed.

Hi dan,
After a while I figured it out by mayself. Please see Stack Overflow http://stackoverflow.com/questions/16273566/jira-5-2-seraph-sso-login-behind-reverse-proxy

Hope that it will help you.

Cheers, Tobias

Suggest an answer

Log in or Sign up to answer
Atlassian Summit 2018

Meet the community IRL

Atlassian Summit is an excellent opportunity for in-person support, training, and networking.

Learn more
Community showcase
Posted Wednesday in New to Jira

Are you planning to trial, or are currently trialling Jira Software? - We want to talk to you!

Hello! I'm Rayen, a product manager at Atlassian. My team and I are working hard to improve the trial experience for Jira Software Cloud. We are interested in   talking to 20 people planning t...

286 views 5 0
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you