Skip to content

JIRA & Confluence SAML Plugin Authentication

Overview

This article is a plugin configuration guide. JIRA and Confluence versions 7.0 and above come with SSO 2.0 configuration. Please refer to JIRA & Confluence SSO Configuration.

Authentication Configuration

Confluence or Jira Configuration

Add Plugin

  1. The user logs in to Confluence, finds Plugin Management in the management console, searches for and adds the SAML Single Sign On for Confluence plugin or Single Sign On(SSO) for Confluence SAML. Either one is sufficient.

    DANGER

    Plugin activation requires a License.

Plugin Configuration

To download the BambooCloud IDaaS IDP metadata, visit https://{your_domain}/api/v1/saml2/idp/metadata.

SAML Single Sign On for Confluence Plugin Configuration:
  1. The IDP configuration parameters are as follows. Other parameters can be kept default:

    ParameterParameter Description
    NameCustom
    MetadataIDP metadata, can be filled with URL address or XML file content
    IdP Entity ID / IssuerIDP EntityId
    Login BindingPOST
    IdP POST Binding URLIDP SSO URL
    IdP Token Signing CertificatesIDP certificate
  2. Click show info for IdP to automatically generate parameters, which will be used in the subsequent BambooCloud IDaaS application parameter configuration:

    ParameterParameter Description
    Entity IDSP Entity ID
    SAML Endpoint URLAssertion Consumer Service URL (ACS URL)
    Service Provider Certificate (as PEM)Download PEM format certificate
    CertificateVerification signature certificate
miniOrange SAML Single Sign-On Configuration Plugin:
  1. Click the Service Provider Info tab to automatically generate parameters, which will be used in the subsequent BambooCloud IDaaS application parameter configuration:

    ParameterParameter Description
    SP Entity ID /IssuerSP Entity ID
    ACS URLAssertion Consumer Service URL (ACS URL)
    Audience URIAudience URI
    CertificateVerification signature certificate
  2. Click the Configure IDP tab to edit IDP information.

    ParameterParameter Description
    IDP NameCustom
    IDP Entity ID/IssuerIDP EntityId
    Send Signed RequestsRequest signature, check
    SSO Binding TypeSelect Use HTTP-Redirect Binding for SSO
    Single Sign On URLIDP SSO URL
    NameID FormatSelect SAML:2.0 nameid-format persistent; (must be consistent with BambooCloud IDaaS application configuration)
    IDP Signing CertificateIDP certificate

BambooCloud IDaaS Configuration

  1. Log in to the BambooCloud IDaaS Enterprise Center, choose Resources > Applications > Pre-integrated Applications, and add the built-in application Confluence or Jira.

  2. Configure authentication parameters.

    ParameterParameter Description
    SP Entity IDSP Entity ID / Issuer in Confluence configuration
    Assertion Consumer Service URL (ACS URL)ACS URL
    NameIDSelect account name
    NameID FormatSelect
    Audience URIAudience URI
    Verify Request SignatureYes
    Verify Signature CertificateCertificate of Confluence or Jira
  3. Configure mapping parameters (add username attribute).

  4. After configuration is complete, switch to the Authorization Management > Application Account tab to add an account. The application account name here should be consistent with the account name in Confluence or Jira.

Login Verification

Application-Initiated Login

Click the Use Corporate Login button to automatically jump to the BambooCloud IDaaS authentication center for login.

BambooCloud IDaaS-Initiated Login

Log in to the BambooCloud IDaaS User Center, click the application logo, and single sign-on into the application system.

BambooCloud IDaaS Open Platform