Skip to content

JIRA6 Plugin-Free Single Sign-On

Overview

This article describes how JIRA6 implements SAML authentication integration without plugins.

For JIRA and Confluence versions 7.0 and above, which come with SSO 2.0 configuration, please refer to JIRA & Confluence Single Sign-On Configuration

For SSO plugin configuration, please refer to JIRA & Confluence SAML Plugin Authentication

Authentication Configuration

JIRA Configuration

  1. Put customauth-jira-6.1.2.jar into the lib package under WEB-INF.

  2. Put jira_onelogin.xml into the bin directory and the parent directory of bin.

  3. View the XML content to obtain parameter information.

  4. Parameter configuration is as follows:

    ParameterParameter Description
    certificateIDP certificate in BambooCloud IDaaS
    assertion (Assertion Consumer Service URL)http://jira-address/secure/Dashboard.jspa

https://jira-address/secure/Dashboard.jspa | | issuer | Same as above | | ssotarget | SSO URL in the IDP configuration of BambooCloud IDaaS |

  1. To download BambooCloud IDaaS IDP metadata, visit https://{your_domain}/api/v1/saml2/idp/metadata.

  2. Modify the seraph-config.xml file in the classes directory and add the following content:

    xml
    <authenticator class="com.onelogin.jira.saml.SSOAuthenticator"/>
  3. Modify dashboard.jsp in the secure\views directory and add the following content:

    java
    if(request.getSession().getAttribute("os_destination") != null){
      String os_destination =  request.getSession().getAttribute("os_destination").toString();
        request.getSession().setAttribute("os_destination",null);
         response.sendRedirect(os_destination);
      }
  4. Modify loginform.jsp in the include directory and add the following content:

    java
    <%@ page import= "com.onelogin.jira.saml.SSOAuthenticator" %>
    if(request.getParameter("SAMLResponse") == null)
      {
          String redirectURL = 
          request.getSession().getAttribute("reqString").toString();
          response.sendRedirect(redirectURL);
       }else{
     
          if(jiraAuthenticationContext.getLoggedInUser() != null)
          {
     
              if(request.getSession().getAttribute("os_destination") != null)
              {
                  String os_destination = 
                      request.getSession().getAttribute("os_destination").toString();
                      response.sendRedirect(os_destination);
              }else{
                  response.sendRedirect("/");
              }
           }
       }

BambooCloud IDaaS Configuration

  1. Add the built-in application JIRA.

  2. Configure application parameters.

    ParameterParameter Description
    SP Entity IDJira base access address (this address is obtained from the assertion in jira_onelogin.xml)
    ACS URLBase access address (this address is obtained from the assertion in jira_onelogin.xml)
    Audience URIBase access address (this address is obtained from the assertion in jira_onelogin.xml)
    NameID FormatSelect urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
    Name IDAccount name
  3. In the built-in application, select the JIRA icon, choose Authorization Management --> Add Account.

    The application account name here must be consistent with the Username in JIRA.

Login Verification

WARNING

After configuring SAML authentication, the JIRA username and password login entry will become invalid.

BambooCloud IDaaS Open Platform