Integrate Jira with Keycloak (plugin SSO for Atlassian Server and Data Center)

Hello community, 

Lately I had a request about integrating Jira SSO (with the OpenID protocol) with Keycloak. As always, I am doing some tests in my test environment before I implement the solution for the client. I have installed the latest Jira v8.6.1 (https://localhost:8443/), so I can use the internal plugin from Atlassian, "SSO for Atlassian Server and Data Center", and also the Keycloak standalone server (https://localhost:8442/).

The plugin itself provides me these two links to give to the identity provider (pic is from the Jira plugin).
2020-01-31 10_42_06-SSO 2.0 - Jiratest.png

The first link, I assume, I have put in correctly (pic is from the Keycloak / Client section).

2020-01-31 10_47_31-Keycloak Admin Console.png

  • But what about the second one?

Apart from this, when I use this link, which is provided by the plugin:
2020-01-31 10_53_15-SSO 2.0 - Jiratest.png

  1. It redirects me to the Keycloak login page (which I assume is correct).
  2. I provide the credentials of a user who exists in both Jira and Keycloak with the same name:password combination.
  3. After this, it redirects me back to Jira without being logged in, and I receive this error message:
     2020-01-31 10_58_34-We had trouble logging you in. - Jiratest.png
  4. In Tomcat I see this log:
    31-Jan-2020 10:41:41.619 WARNING [https-jsse-nio-8443-exec-22] com.sun.jersey.spi.container.servlet.WebComponent.filterFormParameters A servlet request, to the URI https://localhost:8443/rest/activity-stream/1.0/preferences?_=1580463700444, contains form parameters in the request body but the request body has been consumed by the servlet or a servlet filter accessing the request parameters. Only resource methods using @FormParam will work as expected. Resource methods consuming the request body by other means will not work as expected.

I don't know if I have to configure seraph-config.xml or web.xml or something else, so I am asking for your knowledge in case one of you knows :) If you need more info, I am happy to provide it.

Thanks in advance,
CM

 

PS. I know that there is already a plugin which does this work more easily, "Jira Enterprise SSO with Keycloak", but I want to use the free tool first.

1 answer

Almost a self-solved question...

  1. First I enabled the dark features option to get more logs from Tomcat: "-Datlassian.darkfeature.atlassian.authentication.include.stacktrace.in.error.messages=true".
  2. Yes, both Jira and Keycloak are using HTTPS, but I forgot to put the certificates in each other's keystore.
  3. Last but not least, it was how Jira claims the username from Keycloak. This should be configured in Jira to claim the value from the "Token Claim Name", which is preferred_username, and not, as I assumed, username or name :).
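
The claim mismatch in the third point can be checked from an ID token captured during a test login. The following is an added example, not part of the original answer or of the Atlassian plugin: it decodes a token's payload and reports whether the claim Jira is configured to read is present. The sample token, its values and the function names are constructed for illustration.

```python
import base64
import json

# Standard OIDC claims that can carry a login name; used only as hints.
HINT_CLAIMS = {"preferred_username", "email", "name", "sub"}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are unpadded base64url; restore the padding first.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def id_token_claims(id_token: str) -> dict:
    """Decode a compact JWT payload for inspection only (no signature check)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    claims = json.loads(_b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def check_username_claim(id_token: str, configured_claim: str) -> dict:
    """Report whether the claim the service provider reads exists in the token."""
    claims = id_token_claims(id_token)
    value = claims.get(configured_claim)
    ok = isinstance(value, str) and value != ""
    candidates = sorted(k for k in HINT_CLAIMS if isinstance(claims.get(k), str))
    return {"ok": ok, "username": value if ok else None, "candidates": candidates}


def _b64url_json(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample: claim names follow a default Keycloak ID token, values are made up.
SAMPLE_ID_TOKEN = ".".join([
    _b64url_json({"alg": "RS256", "typ": "JWT"}),
    _b64url_json({"iss": "https://localhost:8442/auth/realms/example",
                  "sub": "00000000-0000-0000-0000-000000000001", "aud": "jira",
                  "preferred_username": "cm-test", "name": "CM Test",
                  "email": "cm-test@example.com"}),
    "c2lnbmF0dXJlLW5vdC12YWxpZA",  # placeholder signature, not verifiable
])

if __name__ == "__main__":
    for claim in ("username", "name", "preferred_username"):
        print(claim, check_username_claim(SAMPLE_ID_TOKEN, claim))
```

In the sample, `username` is absent and `name` is present but holds the display name rather than the login name; only `preferred_username` returns the login.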
