I'm trying to integrate Jira (5.2) into our company's ADFS 2.0 to enable single sign on using SAML.
I've written a custom Authenticator (as a subclass of JiraSeraphAuthenticator). This authenticator's method getUser(HttpServletRequest req, HttpServletResponse res) extracts the userid from a SAMLResponse and checks the CrowdService for a user with this id.
This is working as expected: if I log in on the ADFS page, I'm logged in correctly.
My problem is now how to redirect to the ADFS login page. I've tried writing a subclass of SecurityFilter that creates the SAML request and redirects to the ADFS instead of the Seraph login URL, but it seems like this is never happening; I only see the Jira login form. It seems like the decision to request the user to log in is happening somewhere else.
Any idea where I have to put my piece of code to make Jira redirect to the ADFS page instead of showing its own login page?
I thought the LoginFilter could be a place, but as far as I understand it, this filter kicks in after the login form is shown.
Thank you very much in advance.
As far as I know, you can configure your custom login URL in WEB-INF/classes/seraph-config.xml.
BUT since I am writing a Jira 6 Authenticator myself right now and configuring these URLs didn't work for me, I am at a loss about that, too.
Maybe this configuration works for you?
It turned out that I had some misunderstandings about SAML IdP- and SP-initiated SSO.
I changed the login.url parameter in seraph-config.xml to
where jira is the identifier configured on ADFS for Jira. This is working; ADFS is redirecting me back to Jira with the required SAML message.
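For the SP-initiated variant discussed in the thread (a filter that creates the SAML request and redirects to ADFS), this is how a SAML 2.0 AuthnRequest is encoded for the HTTP-Redirect binding. It is an added example, not code from any poster or from Jira/Seraph; the endpoint URL, issuer and ACS URL are placeholders, the class and method names are hypothetical, and `java.util.Base64` assumes Java 8 or later.

```java
import java.io.ByteArrayOutputStream;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Base64;
import java.util.UUID;
import java.util.zip.Deflater;
import java.util.zip.DeflaterOutputStream;

public class AuthnRequestRedirect {

    // Minimal unsigned AuthnRequest. The arguments are trusted configuration
    // constants here; XML-escape them if they can ever come from user input.
    static String buildAuthnRequest(String id, String issuer, String acsUrl, String destination) {
        String issueInstant = Instant.now().truncatedTo(ChronoUnit.SECONDS).toString();
        return "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\""
             + " xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\""
             + " ID=\"" + id + "\" Version=\"2.0\" IssueInstant=\"" + issueInstant + "\""
             + " Destination=\"" + destination + "\""
             + " AssertionConsumerServiceURL=\"" + acsUrl + "\">"
             + "<saml:Issuer>" + issuer + "</saml:Issuer>"
             + "</samlp:AuthnRequest>";
    }

    // HTTP-Redirect binding: raw DEFLATE (no zlib header), then Base64, then URL-encode.
    static String encodeForRedirect(String xml) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        Deflater raw = new Deflater(Deflater.DEFAULT_COMPRESSION, true); // true = nowrap
        try (DeflaterOutputStream out = new DeflaterOutputStream(buf, raw)) {
            out.write(xml.getBytes(StandardCharsets.UTF_8));
        }
        raw.end();
        return URLEncoder.encode(Base64.getEncoder().encodeToString(buf.toByteArray()), "UTF-8");
    }

    public static void main(String[] args) throws Exception {
        // Placeholder values (assumptions), not taken from the thread.
        String ssoEndpoint = "https://idp.example.invalid/sso";
        String issuer = "jira-sp-identifier-placeholder";
        String acsUrl = "https://jira.example.invalid/acs-placeholder";

        // The ID is an xs:ID, so it must not start with a digit. Keep it in the
        // user's session and compare it with InResponseTo when the response arrives.
        String requestId = "_" + UUID.randomUUID();
        String xml = buildAuthnRequest(requestId, issuer, acsUrl, ssoEndpoint);
        System.out.println(ssoEndpoint + "?SAMLRequest=" + encodeForRedirect(xml));
        // In a servlet filter this URL would be passed to HttpServletResponse.sendRedirect(...).
    }
}
```

With SP-initiated login, the authenticator that reads the SAMLResponse can reject any response whose InResponseTo does not match a request ID stored for that session.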