Hi,
I'm trying to integrate Jira (5.2) into our company's ADFS 2.0 to enable single sign on using SAML.
I've written a custom Authenticator (as a subclass of JiraSeraphAuthenticator). This authenticator's method getUser(HttpServletRequest req, HttpServletResponse res) extracts the userid from a SAMLResponse and checks the CrowdService for a user with this id.
This is working as expected. If I log in on the ADFS page, I'm logged in correctly.
My problem is now how to redirect to the ADFS login page. I've tried writing a subclass of SecurityFilter that creates the SAML request and redirects to the ADFS instead of the Seraph login URL, but it seems like this is never happening. I only see the Jira login form. It seems like the decision to request the user to log in is happening somewhere else.
Any idea where I have to put my piece of code to make Jira redirect to the ADFS page instead of showing its own login page?
I thought the LoginFilter could be a place, but as far as I understand it, this filter kicks in after the login form is shown.
Thank you very much in advance
Kind Regards
Jörg
It turned out that I had some misunderstandings about SAML IdP and SP-initiated SSO.
I changed the login.url parameter in seraph-config.xml to
https://adfs.ourcompany.com/adfs/ls/IdpInitiatedSignOn.aspxLoginToRP=jira
where jira is the identifier configured on ADFS for Jira. This is working, ADFS is redirecting me back to Jira with the required SAML message.
Hi Jörg,
as far as I know you can configure your custom login URL in WEB-INF/classes/seraph-config.xml
BUT since I am writing a Jira 6 Authenticator myself right now and configuring these URLs didn't work for me, I am at a loss about that, too.
Maybe this configuration works for you?
Kind Regards
Theresa
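The change discussed in both replies, as an added example that is not from either poster: a fragment of WEB-INF/classes/seraph-config.xml with the Seraph login URLs pointed at an ADFS IdP-initiated sign-on page. The host name adfs.example.com, the query string form and the authenticator class name are placeholders assumed for illustration; only the elements that change are shown.

```xml
<security-config>
    <parameters>
        <!-- Where Seraph sends an unauthenticated request for a protected page.
             Placeholder URL: "jira" stands for the relying-party identifier
             configured on ADFS. This URL carries no ${originalurl} token, so the
             originally requested page is not passed along to the IdP. -->
        <init-param>
            <param-name>login.url</param-name>
            <param-value>https://adfs.example.com/adfs/ls/IdpInitiatedSignOn.aspx?loginToRp=jira</param-value>
        </init-param>
        <!-- Target of the "Log In" links rendered in pages; kept in step with
             login.url so users are not offered the local login form. -->
        <init-param>
            <param-name>link.login.url</param-name>
            <param-value>https://adfs.example.com/adfs/ls/IdpInitiatedSignOn.aspx?loginToRp=jira</param-value>
        </init-param>
        <!-- other init-param entries unchanged -->
    </parameters>

    <!-- Hypothetical class name for the custom JiraSeraphAuthenticator subclass
         whose getUser() reads the SAMLResponse posted back by ADFS. -->
    <authenticator class="com.example.jira.sso.SamlSeraphAuthenticator"/>

    <!-- remaining elements unchanged -->
</security-config>
```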