Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Jira SSO

Firas hammami
Firas hammami July 2, 2021

Hello 

Actually I have Jira connected to LDAP, I want to implement the SSO, have you any idea about the Authentication through http headers? (My IDP returns userID and a token)

 

Regards

Answer
Watch
Like Be the first to like this
436 views

1 answer

0 votes
Capi [resolution]
Capi [resolution]
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
July 2, 2021

Hi @Firas hammami 

I'm the content marketing manager at resolution. We have the leading SSO apps for Server and Data Center in number of installations and reviews. Perhaps you've already started testing our apps.

If you don't need anything else than the info in the headers, no additional SAML attributes, we have a standalone app that will do the job for you at a fraction of the cost.

However, UserID and token sounds very much like OIDC, not SAML. If that is the case, you can look at this other app:

https://marketplace.atlassian.com/apps/1211397/openid-oauth-authentication-jira?hosting=datacenter&tab=overview

Whatever the option, if you need help with a specific setup we're happy to help you with the implementation in a screenshare session: 

https://resolution.de/go/calendly.

View More Comments
Firas hammami
Firas hammami July 2, 2021

Hi @Capi [resolution] 

Thank you for all the informations, the problem is that we have our own IDP, and I already have an SP metadata,  we are using mellon module in apache with saml, your plugin offers a pre-configure metadata SP this is the problem

Like
Christian Reichert (resolution)
Christian Reichert (resolution)
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 2, 2021

Hi Firas,

give you some really good advice, you would need to share more of your setup. If you don't want to do that in a public Forum, then consider doing this in our support Portal: https://resolution.de/go/support

Looking at your initial Question - we also have a plugin, that can authenticate via HTTP headers: https://marketplace.atlassian.com/apps/1221625/http-header-authentication-for-jira?hosting=server&tab=overview

However, with the full picture, it's hard to say if that would be the best solution for you. 

If your IDP natively supports SAML - then the SAML plugin may be the better solution. But I am not sure what you are referring to when saying "pre-configure metadata".

Like I said we may be in a better position to recommend something with more background.

Cheers,
Chris

Like # people like this
Firas hammami
Firas hammami July 2, 2021

Hi Christian 

thank you for the informations, I'm using Jira 7, this plugin supports Jira 8   https://marketplace.atlassian.com/apps/1221625/http-header-authentication-for-jira?hosting=server&tab=overview .

I have tried Jira saml plugin, the problem is that I can not change the EntityID, I have to put my own urls, which is not supported by the plugin.

 

 

regards

Like
Christian Reichert (resolution)
Christian Reichert (resolution)
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 2, 2021

Hi Firas,

 

on our SAML Plugin, you can change the Entity ID. You can also upload your own signing certificates and the corresponding private Key.
The only thing you cannot modify is the URL path under which the SAML Response has to be delivered from the IDP to the SP (if that is the URL you are referring to). All the IDP related URLs you can certainly configure.

If you absolutely need to have different URLs in your Jira instance to receive the SAML Response, then you may have to try with some URL rewrite on a reverse Proxy or Tomcat. 

Having said all of that, I don't know of any other SAML plugin which allows you to modify the path either. So I can't really point you to any other solution either.
So, it may still be worth giving my above suggestions a go - if you need help then maybe come back to the support offer.

Cheers,
Chris

Like
Firas hammami
Firas hammami July 5, 2021

Hi Christian 

the constraint is that we have Jira running behin an IBM http server with other services like confluence, in our company we have to implement to SSO in the IHS, that's why I did not understand how to use the plugin in our case.

Do you have any idea please?

 

Regards

Like
Reply

Suggest an answer

Log in or Sign up to answer
Product apps
Apps & Integrations
TAGS
AUG Leaders

Atlassian Community Events

    See all events