Confluence Logout Url for Okta

Avinash Singh February 9, 2018

Hi,

We have integrated both Jira and Confluence with Okta.

With Jira it was easy to configure the logout.url parameter since it was found in [jira_webdir]/WEB-INF/classes/seraph-config.xml

With confluence a little more work was involved as we needed to extract /opt/atlassian/confluence/confluence/WEB-INF/lib/confluence-6.1.2.jar, update logout section in the xwork.xml.

<action name="logout" class="com.atlassian.confluence.user.actions.LogoutAction">
<interceptor-ref name="defaultStack"/>
<result name="error" type="velocity">/logout.vm</result>
<result name="success" type="redirect">https://oktapreview.com</result>
</action>

and repackage the jar file. Why is it that two applications from the same company have to configured in very different ways? Could we not have a generic way of configuring SSO that will be retained after upgrades?

Once configured how can we ensure that the login screens for both applications can never be accessible and ensure that authentication always happens through Okta? We dont want users to be able to manually login since it will bypass Okta and authenticate them through the application itself.

Regards,

Avinash

2 answers

0 votes
David Yu
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 6, 2018

Why is modifying xwork.xml necessary? The Okta instructions say that if you're missing the logout.url param, to simply add it.

<init-param> <param-name>logout.url</param-name> <param-value>https://my.okta.com</param-value> </init-param>

Avinash Singh April 9, 2018

Thanks that works :)

Is there any other parameter that needs updating to prevent the login screen from never showing up ?

In the case with the login there is also:

<param-name>link.login.url</param-name>

Is there also something similar for the logout url?

<param-name>link.logout.url</param-name>

0 votes
ryebenedict
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 16, 2018

 

Hi there Avinash,


You can check out our Global SSO for Confluence Add-on here if you're looking for a more seamless SSO configuration across your Atlassian products as this should cater for both your JIRA and Confluence instances.

On the other hand, for your concern on having Users manually login via the Application URL, your SSO configuration should have an option to redirect these logins back to Okta, where it'll work like an SP-initiated authentication, and still require Users to authenticate against the SSO before they can proceed.

Hope this helps to clarify. :) 

Avinash Singh February 18, 2018

Thanks Ryan I will have a look and provide some feedback.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events