  • Set up your Identity Provider to deliver attributes for userid, email address, full name and optional group assignments in the response.
    This is an example response for a user "camilla" with full name "Camilla the Chicken" and the email address "camilla@muppets.com":

    <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" Destination="https://jira7sd.lab.inserve.local/plugins/servlet/samlsso" ID="_2d7d3fe5-a2a1-45b5-93de-a39e27d7ff2d" InResponseTo="ldjedifipldjoefccdnlomjmlebmmieomblnfopn" IssueInstant="2016-02-11T22:01:28.284Z" Version="2.0">
          <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://dc01.ad.lab.inserve.local/adfs/services/trust</Issuer>
          <samlp:Status>
            <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
          </samlp:Status>
          <Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_958e90f3-5d10-4d92-b376-45b9bb6db68d" IssueInstant="2016-02-11T22:01:28.284Z" Version="2.0">
            <Issuer>http://dc01.ad.lab.inserve.local/adfs/services/trust</Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
             ...
            </ds:Signature>
            <Subject>
              <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <SubjectConfirmationData InResponseTo="enefpfnmgckjadiephjbdhacakigkiooonkonjgl" NotOnOrAfter="2016-02-11T22:27:46.519Z" Recipient="https://jira7sd.lab.inserve.local/plugins/servlet/samlsso"/>
              </SubjectConfirmation>
            </Subject>
            <Conditions NotBefore="2016-02-11T22:22:46.503Z" NotOnOrAfter="2016-02-11T23:22:46.503Z">
              <AudienceRestriction>
                <Audience>https://jira7sd.lab.inserve.local/plugins/servlet/samlsso</Audience>
              </AudienceRestriction>
            </Conditions>
            <AttributeStatement>
              <Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname">
                <AttributeValue>camilla</AttributeValue>
              </Attribute>
              <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
                <AttributeValue>Camilla the Chicken</AttributeValue>
              </Attribute>
              <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
                <AttributeValue>camilla@muppets.com</AttributeValue>
              </Attribute>
            </AttributeStatement>
            <AuthnStatement AuthnInstant="2016-02-11T21:43:25.002Z">
              <AuthnContext>
                <AuthnContextClassRef>urn:federation:authentication:windows</AuthnContextClassRef>
              </AuthnContext>
            </AuthnStatement>
          </Assertion>
        </samlp:Response>
  • Install the plugin
  • Go to the plugin configuration page.
  • Enter or select the SAML attribute names delivered by the IdP for Userid, Full Name, Email and Group. If you have imported metadata containing friendly names for these attributes, you can use the select boxes.
     
  • Scroll down and check the "Create or update users" checkbox.
  • Scroll down and fill the Groups field with an appropriate group name (e.g. jira-core-users). Newly created users will always be assigned to these groups, no matter what groups are delivered by the IdP.

    Info

    This field does not apply to JIRA Service Desk Customers


  • Click Save.
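
Before enabling user creation, it helps to confirm that a response captured from your own IdP actually carries the attributes selected in the plugin configuration. The following is an added example, not part of the plugin or the original page: the function name, the field keys and the group attribute name are assumptions, and the sample is a trimmed copy of the response shown above.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute names as they appear in the example response on this page.
# The group attribute name is an assumption: the example response has none.
MAPPING = {
    "userid": "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname",
    "fullname": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "groups": "http://schemas.xmlsoap.org/claims/Group",
}
OPTIONAL = {"groups"}  # group assignments are optional per the setup step

# Constructed sample: the page's example response, trimmed to the attributes.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Version="2.0">
<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0">
<AttributeStatement>
<Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname">
<AttributeValue>camilla</AttributeValue></Attribute>
<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
<AttributeValue>Camilla the Chicken</AttributeValue></Attribute>
<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
<AttributeValue>camilla@muppets.com</AttributeValue></Attribute>
</AttributeStatement></Assertion></samlp:Response>"""


def extract_attributes(response_xml, mapping=MAPPING):
    """Return (found, missing) for the configured attribute names.

    Setup diagnostic only: the signature is NOT verified here, so the result
    must never be used to authenticate anyone. Run it on responses captured
    from your own IdP.
    """
    root = ET.fromstring(response_xml)
    delivered = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS) if v.text]
        delivered[attr.get("Name")] = values
    found = {field: delivered.get(name, []) for field, name in mapping.items()}
    missing = [f for f, v in found.items() if not v and f not in OPTIONAL]
    return found, missing


if __name__ == "__main__":
    found, missing = extract_attributes(SAMPLE)
    print(found, "missing required:", missing)
```

A non-empty `missing` list means the IdP claim rules or the attribute names entered in the plugin need correcting before "Create or update users" can populate accounts.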