Forge: enabling SAML

The content on this page relates to platforms which are not supported by Atlassian. Consequently, Atlassian cannot guarantee providing any support for it. Please be aware that this material is provided for your information only and that you use it at your own risk.


To enable SAML in Forge:

  1. Enter your SAML metadata URL in the template. If Forge has already been deployed, scale down to 0 nodes and back up to 1 node so that a new node is created with the SAML configuration.
  2. Edit /home/forge/atl-cfn-forge/permissions.json on the node to add your groups and configure their permissions. This file is provided as an example only; you can use any group name from your directory.


When configuring SAML with your Identity Provider (IdP), the following attributes need to be set:

User.Email
User.firstName
User.lastName

Example SAML response for a user:

<Attribute Name="User.Email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <AttributeValue>you@your_company.com</AttributeValue>
</Attribute>


For the groups, memberOf needs to be set.

Example SAML response for a group:

<Attribute Name="memberOf" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <AttributeValue>my_group1</AttributeValue>
    <AttributeValue>my_group2</AttributeValue>
</Attribute>


The SAML response should also contain the following:

setSubjectName = my_username 
setHttpDestination = https://my_node.my_company.com/saml/acs/
setAudience = https://my_node.my_company.com/
setRecipient = https://my_node.my_company.com/saml/acs/
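As an added example (not part of the Atlassian article or of Forge itself), the following Python script checks a SAML response against the attribute and URL requirements listed above, which is a useful sanity check before wiring a new IdP to a node. The embedded sample response is constructed from the article's fragments, assumes https://my_node.my_company.com/ as the node URL, and omits the XML signature.

```python
import xml.etree.ElementTree as ET

# Standard SAML 2.0 assertion namespace (not taken from the article).
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
USER_ATTRS = ("User.Email", "User.firstName", "User.lastName")

# Constructed sample response modelled on the article's fragments (signature omitted).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 Destination="https://my_node.my_company.com/saml/acs/">
<saml:Assertion><saml:Subject><saml:NameID>my_username</saml:NameID>
 <saml:SubjectConfirmation><saml:SubjectConfirmationData
  Recipient="https://my_node.my_company.com/saml/acs/"/></saml:SubjectConfirmation>
</saml:Subject><saml:Conditions><saml:AudienceRestriction>
 <saml:Audience>https://my_node.my_company.com/</saml:Audience>
</saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>
 <saml:Attribute Name="User.Email"><saml:AttributeValue>you@your_company.com</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="User.firstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="User.lastName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="memberOf"><saml:AttributeValue>my_group1</saml:AttributeValue>
  <saml:AttributeValue>my_group2</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion></samlp:Response>"""

def check_response(xml_text, node_url):
    """Return a list of problems; an empty list means the response meets the article's requirements."""
    acs = node_url + "saml/acs/"            # Forge's assertion consumer service URL
    root = ET.fromstring(xml_text)
    a = root.find("saml:Assertion", NS)
    if a is None:
        return ["no Assertion element in response"]
    problems = []
    if root.get("Destination") != acs:
        problems.append("Destination must be " + acs)
    if not a.findtext("saml:Subject/saml:NameID", default="", namespaces=NS):
        problems.append("Subject NameID (username) is missing")
    conf = a.find(".//saml:SubjectConfirmationData", NS)
    if conf is None or conf.get("Recipient") != acs:
        problems.append("Recipient must be " + acs)
    if a.findtext(".//saml:Audience", default="", namespaces=NS) != node_url:
        problems.append("Audience must be " + node_url)
    # Attribute Name -> list of AttributeValue texts
    attrs = {e.get("Name"): [v.text or "" for v in e.findall("saml:AttributeValue", NS)]
             for e in a.findall(".//saml:Attribute", NS)}
    for name in USER_ATTRS:
        if not any(attrs.get(name, [])):
            problems.append("missing user attribute " + name)
    if not any(attrs.get("memberOf", [])):
        problems.append("missing memberOf: user maps to no group in permissions.json")
    return problems
```

A response that fails any check is one the node will reject or, in the memberOf case, one that leaves the user with no permissions.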
Last modified on Aug 31, 2018
