Single Sign-on Integration with JIRA and Confluence

A Single Sign On system allows users to use a single login for multiple applications. Confluence can use JIRA logins without requiring an SSO system, or you can integrate JIRA and Confluence with the following SSO systems:

  • Crowd (Recommended) - Atlassian's single sign-on, authentication, authorisation, application provisioning and identity management framework

Additionally, people have reported some degree of success integrating the following SSO systems with JIRA and/or Confluence:

JIRA and Confluence integrate with SSO systems through Seraph, the Atlassian authentication library. Seraph is a very simple, pluggable J2EE web application security framework developed by Atlassian and used in our products.

Seraph allows you to write custom authenticators which will accept the login credentials of your existing single sign-on system.

For Confluence 2.2 and above you must extend com.atlassian.confluence.user.ConfluenceAuthenticator instead of the Seraph DefaultAuthenticator.
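As an added illustration (not Atlassian's code and not one of the contributed plugins), a custom authenticator for the case described above might look like the following sketch. It assumes the SSO agent in front of Confluence sets the servlet container's REMOTE_USER, and that the installed Seraph version exposes LOGGED_IN_KEY, LOGGED_OUT_KEY and getUser(String) on the authenticator; the package and class names are hypothetical.

```java
package com.example.sso; // hypothetical package name

import java.security.Principal;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.atlassian.confluence.user.ConfluenceAuthenticator;

/** Hypothetical authenticator that accepts the identity asserted by an SSO agent. */
public class RemoteUserAuthenticator extends ConfluenceAuthenticator {

    public Principal getUser(HttpServletRequest request, HttpServletResponse response) {
        // Assumption: the container sets REMOTE_USER from the SSO agent.
        // Do not read a raw HTTP header here: any client can send one.
        String remoteUser = request.getRemoteUser();
        if (remoteUser != null) {
            remoteUser = remoteUser.trim();
        }
        boolean hasSsoIdentity = remoteUser != null && remoteUser.length() > 0;

        // getUser() runs on most requests, so reuse the session's user when it
        // still matches the identity the SSO agent is asserting.
        HttpSession session = request.getSession(false);
        if (session != null) {
            Object cached = session.getAttribute(LOGGED_IN_KEY);
            if (cached instanceof Principal
                    && (!hasSsoIdentity || ((Principal) cached).getName().equals(remoteUser))) {
                return (Principal) cached;
            }
        }

        if (!hasSsoIdentity) {
            // No SSO identity on this request: keep Confluence's normal handling.
            return super.getUser(request, response);
        }

        // Resolve the name in Confluence's user store; unknown users stay anonymous.
        Principal user = getUser(remoteUser);
        if (user == null) {
            return null;
        }

        session = request.getSession(true);
        session.setAttribute(LOGGED_IN_KEY, user);
        session.setAttribute(LOGGED_OUT_KEY, null);
        return user;
    }
}
```

The class is activated by naming it in the authenticator element of seraph-config.xml. Because it trusts REMOTE_USER, the SSO agent must be the only network path to the application server.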


You can browse user-contributed SSO plugins or check out these examples:

There has been discussion of integrating with Siteminder on the mailing list that may be applied to JIRA integration. All third-party code must be treated with caution - always back up your Confluence instance before use. If you create a custom SSO plugin and would like to contribute it to the user community, please let us know on a support ticket.

Discussion Forums

Seraph Discussion Forums

  1. May 25, 2007

    Gary S. Weaver says:

    I confirmed Shibboleth (Internet2 SSO) works: https://spaces.internet2.edu/display/SHIB/ShibbolizedConfluence

  2. Aug 07, 2007

    Gary S. Weaver says:

    Have some questions about custom authenticators written for use with an SSO:

    • As a best practice, what password should be populated in the user's password field if you are autoprovisioning (automatically creating) users as part of the authenticator that is using an SSO for authentication?
      • It seems that it could be a possible security risk to leave password null or even to assign any arbitrary value to it (unless it was very unique).
      • Leaving password null appears to be a problem (issue CONF-9117) with migration of os_user to atlassian-user.
    • What is the best practice to avoid the issue of two different nodes in a cluster both checking at the same time whether a user exists and automatically provisioning the user at the same time (which would cause a unique constraint exception to be thrown from the DB driver)?
    • Should there be any preference given to overriding/implementing login() vs. getUser() in the custom authenticator for this purpose? (getUser() gets called an awful lot, so for sure if you use that, you'll want to attempt to just get and return the user from session first.)
    • Are there any suggestions as to whether UserManager or UserAccessor should be used for autoprovisioning users (or creating them in general) for each of the different versions of Confluence (both version#, whether using massive, and whether using os_user vs. user-atlassian schema)?
  3. May 02

    Stefan Kunz says:

    Is there a possibility to use SSO from a Microsoft ISA server for Jira and Confluence?

  4. Jun 30

    Brian Bukowski says:

    We are using Confluence 2.7 with Siteminder for SSO.  How can I remove the "password" link in Preferences > Edit Profile so that users don't have the ability to change their password?

    1. Jun 30

      Roberto Dominguez says:

      Administration -> General Configuration -> Security and Privacy -> External User Management set to On

      1. Jul 01

        Brian Bukowski says:

        Thanks for the response Roberto.  I don't want to turn External User Management on because I'd still like to manage my groups from within Confluence.  I was wondering how to remove the actual "password" link from the edit profile page.  I managed to find confluence-2.7.war/users/changemypassword.vm, but I'm not sure how to remove the link from the left-hand nav bar.