SAML SSO Support?

Hello - We have an application that is the identity provider for a SAML solution. Can/will confluence be setup to be the service provider for a SAML setup?

I understand Crowds is the SSO solution for the different Atlassian products. Perhaps Crowds supports a general SAML request?

Thank you - Kyle

15 answers

1 accepted

7 votes
Accepted answer

Hello

This is also a hot topic for us and maybe for other customers too!?

Is there any out-of-box solution for SAML 2.0 support (in Confluence or Crowd) or do we have to implement a custom authenticator?

Thanks,
Roger

Hi Roger,

Quite a while since you asked that Question. Our sister company has just published a plugin on the Marketplace which implements SAML 2.0 for Jira & Conflence (tested with Microsoft ADFS).

They had to use an implementation of a custom authenticor to get this done. Before deciding to implement we obviously looked at the existing and found nothing sensible for us which worked well enough with both Confluence & Jira.

We've also been running it internally for the last couple of months flawless.

The plugin can be found https://marketplace.atlassian.com/plugins/com.resolution.atlasplugins.samlsso

If you tested it & consider purchasing, let me know as I can organize a 50% promo code.

4 votes
David Simpson Community Champion Jul 14, 2013

I've previously integrated Confluence with SAML when I used Confluence as the identity provider for a SAML SSO plugin -- you can find out more details in the post "Concur Single Sign-On plugin for Confluence using SAML".

What you're after is really the converse of that. It could be achieved with a custom authenticator - perhaps in a manner similar to AppFusions' Google Apps Authenticator for Confluence. Here's my video demo showing the Google Apps authenticator in action.

Contact me direct if you wish to know any further details.

Hello,

Unfortunately the roadmap for Crowd, Jira and Confluence do not include support for SAML. It is an often requested feature that we are not going to include in our product line. https://jira.atlassian.com/browse/CWD-1822 is the feature request page where developers have commented on the issue. You can see that it has been resolved as "Won't Fix."

We have a number of experts that would be happy to help you with a custom solution. It appears as if there may already be a third party that is providing a SAML Identity Provider. Your best bet would be to contact them to see if their solution is right for your needs

I was surprised to read this. Why not?

Is SAML not an open standard and do you not believe this will prevent large enterprises from adopting your solution? I would think this is in your product lines best interests.

I'm not wild about the idea of working with another vendor to implement their custom SAML solution for your product. That would unnecessarily complicate upgrades and support. My expectation is for any vendor that expects to be taken seriously as an Enterprise solution to offer easy, well-tested ways to federate identity.

I am a current customer of Confluence but only with a 25-seat on premise license used within IT for technical documentation. I was considering Confluence for a much larger rollout firm wide but this basically ends that consideration. It is simply not practical for my IT Dept to manage thousands of accounts seperately.

Also, the Jira issue you are linking to goes a page that says the project was deleted.

Here is the link to the cwd project stating that we will not be implementing SAML.

https://jira.atlassian.com/browse/CWD-1822

If this is a necessary feature, please contact one of our experts who will be better able to assist with this.

What is the app? AppFusions can help you.

We have a Google Apps Authenticator for Confluence, and I *think* it was with SAML that we did this.

I need to double check with engineering on this one.

ANyways, contact us if you would like to discuss.

Best,

Ellen

info@appfusions.com

Hi,

We are also interested in using SAML and more specifically using ADFS for JIRA authentication.

Hello,

I have successfully configure OIOSAML with JIRA: https://svn.softwareborsen.dk/oiosaml.java/sp/trunk/docs/index.html

NameID is available from request.getRemoteUser() which is properly caught by the authenticator.

With a small patch in SPFilter, I have allowed REST and SOAP APIs and also the login screen even without SAML assertion available in session.

Hope this help

Hi Yves,

can you confirm which version of JIRA did you manage to configure with OIOSAML?

I am facing the same issue and is currently investigating your solution.

Cheers.

Hello Jean,

I use OIOSAML.J 9918 http://digitaliser.dk/group/42063/resources because it has passed some kind of certification.

In a first release, I had to exclude a large set of paths in SPFilter code and add conditions if opensynphony authentication were used... and finally got troubles with many features like "Attach screenshot" for instance, Firefox got a corrupted jar file !

I have just deployed another implementation where SPFilter is invoked from Seraph Authenticator only (so no longer declared in web.xml), still with path exclusions for SOAP and REST API typically, and now I wait for users' feedback but I think it will be OK.

Hello Martin, I want to configure SSO for JIRA using SAML2.0. Could you please provide more information?

I propose you deploy this new plugin (not at all related to my own work done with OIOSAML) https://marketplace.atlassian.com/plugins/com.bitium.jira.SAML2PluginJira

Hi Yves,

thanks for your reply.

I will give it go.

Cheers.

Quite a while since you asked that Question. Our sister company has just published a plugin on the Marketplace which implements SAML 2.0 for Jira & Conflence (tested with Microsoft ADFS).

We've also been running it internally for the last couple of months flawless.

The plugin can be found https://marketplace.atlassian.com/plugins/com.resolution.atlasplugins.samlsso

If you tested it & consider purchasing, let me know as I can organize a 50% promo code.

I'd like to get some feedback on anyone using this solution.
Maybe its too soon, but 0 out of 0 stars is not encouraging enough to give this a test.

Hi Randall,

not sure if you wanna take my word for it - it is worth testing, if you are using an environment as above (Jira or Confluence and MSADFS). Setup

0 out of 0 just means no one has rated this yet - which is not too uncommon with Plugins published only about a month ago (most people are still using their eval licenses right now, a few even purchased outright).

Feedback from the people who are evaluating it at the moment, is generally it works. We actually got confirmation that it also works with a variety of other IdPs (other than ADFS). We are just pulling their configs together to document setup of other IdPs & a compatibility list).

Most of the conversation with the evaluators is actually around new feature request, most common is to support others of the Atlassian Applications (i.e. Bamboo, ...), which we are prioritizing based on their wishes.

I hope that gives you a bit more comfort, that it might be worth your time ...

CC

HI Christian Reichert, I have used SAML single sign on plugin for Trial versions JIRA as well as Confluence. It is working beautifully. The SAML idp that i used - SimpleSAMLPhp. I am eager to know when this plugin is going to support for Bamboo & Stash. It is kind of urgent to me. Apart from SAML SSO plugin, do we have any solution to achieve SAML 2.0 based SSO with atlassian products.

Great to hear that it is working beautifully for you; As for Bamboo & Stash, one of you developers is looking into that at the moment - however their authentication system is different, so I'd be lying if I would give you any concrete timeline at the moment. But be assured that you are by far not the only one who has requested this, so it's high up on our list.

Hi, any steps or link where i can find proper process to implement this.

Hi All,

Please check my article on this. It might help you as I have tried to provide a complete solution.

http://thetechrecipes.com/index.php/2016/08/11/saml-integration-with-jira-and-other-java-web-app/

Regards

Prakhar

Hi All,

Please check my article on this. It might help you as I have tried to provide a complete solution.

http://thetechrecipes.com/index.php/2016/08/11/saml-integration-with-jira-and-other-java-web-app/

Regards

Prakhar

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted 2 hours ago in United States

Thanksgiving Tuesday

Good morning All, First of all, Happy early Thanksgiving from the NOVA AUG Leaders! I am anticipating no one will be looking at the group on Thanksgiving Day 😊 Today's topic will be different th...

9 views 1 1
View post

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you