Plugin Configuration

!!! We have migrated this cloud instance to our own hosted server instance !!!


Please follow this link to find the content you are looking for: https://wiki.resolution.de/doc/saml-sso/latest/jira/setup-guides-for-saml-sso

Thank you for your understanding.


Open the SAMLSSO plugin configuration at https://<confluence/jira-url>/plugins/servlet/samlsso/admin or by clicking Configure  in the Plugin Manager.

Enter the appropriate settings and click Send.

SettingDescriptionExample
IdP URLURL on the Identity Provider where the SAML authentication requests are sent to.https://adfs.example.com/adfs/ls/
Default redirect URL

Relative URL on JIRA or Confluence to redirect to after successful login if no specific URL was called. This is usually the case if the samlsso-Servlet is opened directly.

This value is usually just / if Confluence/JIRA is running in the root context.

/
Login page URLIf the SAML login fails, a link to the username/password login page is displayed in the error page. For Confluence, this is usually /login.action, for JIRA /login.jsp/login.jsp
Override Login URLIf this box is checked, JIRA/Confluence redirects to the samlsso-Servlet (which redirects to ADFS) instead of the login page. If this is box is not checked, single sign on only works if the samlsso-Servlet is called directly at https://<confluence/jira-url>/plugins/servlet/samlsso.
IdP Certificate

Paste the BASE64-encoded Token Signing Certificate here.

If you leave this field empty, the SAML response signature validation is disabled. This can be useful for testing and troubleshooting, but it's strongly recommend to enable the validation. Otherwise, attackers could gain access by sending fake SAML-responses.

After clicking Send, the certificate is shown in the field below in readable form.



JIRA: Add the redirect Gadget to the System Dashboard

The redirect gadget has been removed in version 0.11.1 and later for JIRA. To redirect requests to the dashboard, just check the checkbox "Redirect requests to the dashboard" on the configuration page


If the JIRA base URL is opened, the System Dashboard is shown for the anonymous user instead of redirecting the user to the login page. This can confuse the users because they see the login gadget instead of getting logged in automatically.

To avoid this, the Plugin comes with the SAML SSO Redirect gadget:

Add this Gadget to the system dashboard. If a the system dashboard is displayed for a logged in user, it just shows the logged in name:

If no user is logged in, the gadget triggers a redirect to /plugins/servlet/samlsso from where the user is authenticated and redirected back to the dashboard.