SSO 2.0 with Autologin

Travis Blubaugh July 8, 2019

We have an on-prem clustered environment of Jira Datacenter. We are looking to start using SSO 2.0 (baked in version) using Azure as our IdP. In a test environment, I have this working but only when I click on the Log In link at the top. Is there a way to use this so that it automatically logs in when loading the Jira URL?

As a way to test SSO, you can use this link https://JIRASERVER-FQDN/plugins/servlet/external-login which actually authenticates you without the need to click on Log In. I have tried adding this to the SSL Pass through Proxy to no avail using the following.

#Normal condition
#ProxyPass "/" "http://JIRASERVER:[PORT]"

#Test condition
ProxyPass "/" "http://JIRASERVER:[PORT]/plugins/servlet/external-login/"
ProxyPass "/nosso/" "http://JIRASERVER:[PORT]/login.jsp?auth_fallback"

The normal condition by itself works fine. When I use the test condition, I end up hitting 404 Crossbones. I know it is probably something simple I'm missing.
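Why the test condition ends in a 404 follows from how mod_proxy applies ProxyPass. The sketch below is an added example, not part of the original post: a simplified Python model of the documented behaviour (rules checked in configuration order, first matching prefix wins, the rest of the path appended to the target), run on constructed request paths with the post's JIRASERVER and PORT placeholders kept as literal text.

```python
# Simplified model of Apache mod_proxy ProxyPass matching (added example).
# Modelled behaviour: rules are checked in configuration order, the first
# prefix that matches wins, and the matched prefix is replaced by the target
# while the remainder of the request path is appended to it.

BACKEND = "http://JIRASERVER:PORT"  # placeholder host and port, as in the post

# The "test condition" from the post, in the order it was written.
TEST_RULES = [
    ("/", BACKEND + "/plugins/servlet/external-login/"),
    ("/nosso/", BACKEND + "/login.jsp?auth_fallback"),
]


def proxy_target(rules, request_path):
    """Return the backend URL a request path is proxied to, or None."""
    for prefix, target in rules:
        if request_path.startswith(prefix):
            return target + request_path[len(prefix):]
    return None


def shadowed_rules(rules):
    """Return prefixes that can never match because an earlier rule covers them."""
    dead = []
    for i, (prefix, _) in enumerate(rules):
        if any(prefix.startswith(earlier) for earlier, _ in rules[:i]):
            dead.append(prefix)
    return dead


if __name__ == "__main__":
    # Constructed sample request paths.
    for path in ["/", "/secure/Dashboard.jspa", "/s/batch.css", "/nosso/"]:
        print(f"{path:28} -> {proxy_target(TEST_RULES, path)}")
    # Every path, not just "/", is pushed underneath the servlet URL, so the
    # dashboard and static resources resolve to paths Jira does not serve.
    print("never reached:", shadowed_rules(TEST_RULES))
```

Only a request for exactly "/" reaches the login servlet; every other path is rewritten underneath it, and the "/nosso/" fallback rule is never consulted because "/" is listed first.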

Travis Blubaugh July 9, 2019
Rob Banister
July 9, 2019

Hey Travis - We are looking to potentially use SSO 2.0 for our Jira Datacenter, however, it doesn't seem to be working as expected.  Is using SSO 2.0 dependent on whether or not you have Crowd? Can you have SSO 2.0 work with just Microsoft AD + Jira SSO2.0 + OneLogin without Crowd?   

Christian Reichert (resolution)
July 9, 2019

Hi @Rob Banister,

SSO 2.0 is what Atlassian calls it when Crowd acts as a "mini" SAML IdP, so that there is a unified login page to sign in to Crowd.

So technically speaking SSO 2.0 is only possible with Crowd.

I am not 100% sure exactly what setup you mean when referring to:

Can you have SSO 2.0 work with just Microsoft AD + Jira SSO2.0 + OneLogin without Crowd 

Does that mean you have MS AD sync'd to OneLogin and would like to authenticate all Users against OneLogin?

If so that is probably possible with the Data-Center SAML: https://confluence.atlassian.com/enterprise/saml-single-sign-on-for-atlassian-data-center-applications-857050705.html

If your setup is a bit more complex or you need some more advanced functions (e.g. modifying usernames to match what OneLogin sends and what you get sync'd from AD, or multiple Identity Providers, e.g. AD via ADFS and OneLogin) then you could look at our plugin. It's the most used SAML plugin across the Atlassian Server & Data-Center applications:

https://marketplace.atlassian.com/apps/1212130/saml-single-sign-on-sso-jira-saml-sso?hosting=datacenter&tab=overview

We have many enterprise customers using it in conjunction with OneLogin. Here is our video tutorial for that setup: https://www.youtube.com/watch?v=lVF2AE3YvM0

If your setup is a bit more complicated, you can also set up a meeting with us via https://resolution.de/go/calendly to discuss this.

Cheers,
  Christian

P.S. Full disclosure - I work for resolution, a marketplace vendor

Travis Blubaugh July 10, 2019

@Rob Banister I have an on prem instance running data center with a registered application within Azure. Using this page (https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/jiramicrosoft-tutorial) as a guide, I was able to get the baked in SSO within Jira dc to work with Jira SSO by Microsoft (you add this within Azure).

As @Christian Reichert (resolution) points out, you will need to match your usernames to your Azure usernames. In our case we were using sAMAccountname initially and had to edit our LDAP to use the UserPrincipalName. Once I did this, it magically worked.

The plugin that Christian shared here is probably the best one I saw and we are using it for our on prem Confluence. It has its own Azure registered app so it is super easy to set up. We considered using it for Jira as well, but I managed to get it working without it (sorry Christian).

If you have the budget for the plugin, I'd recommend it.

Lokesh Naktode_miniOrange
July 10, 2019

Hi @Travis Blubaugh,

Inbuilt SAML authentication for Jira Data Center will only redirect the user to the IdP when they try to access the /login.jsp page, and it seems you are looking to redirect all unauthenticated users from every page.

In this case, I suggest you take a look at the third-party SAML SSO app in the Atlassian Marketplace, which will provide you with lots of customizable options to redirect users and also provides additional features for SAML SSO, e.g. SAML Single Logout, support for signed and encrypted SAML assertions, etc.

SAML plugin from miniOrange:

https://marketplace.atlassian.com/apps/1215430/jira-saml-single-sign-on-sso-jira-sso?hosting=datacenter&tab=overview

Setup guide for Azure AD:

https://plugins.miniorange.com/saml-single-sign-on-sso-jira-using-azure-ad-idp

Feel free to reach out at atlassiansupport@miniorange.com in case of any assistance.

Thanks,

Lokesh

FD: I work for miniOrange, one of the top SSO vendors in the Atlassian Marketplace.
