Versions Compared

Version Old Version 2 New Version 3
Changes made by

Huiyi Lin

Huiyi Lin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Click Add-ons under JIRA Administration on the top right corner of your JIRA interface. Then, you will be taken to Atlassian Marketplace. Search for SAML SSO and click on Free Trial to install. 

Image RemovedImage Added

After installation succeeded, click on Manage, then choose Configure. Now, you are on the plugin configuration page. 

Image RemovedImage Added 


Back to Top

Step 2: Setup the ADFS   
Anchor
Step2
Step2

...

Expand
titleDo substep A1 if your ADFS has connection to your JIRA instance.

Substep A1:

      • Copy the SAML Metadata-URL from your SAML Single Sign On config page.

    Image RemovedImage Added

Expand
titleDo Substep A2 if your ADFS has no connection to your JIRA instance or if Step C1 below failed.

Substep A2:

      • Save the linked metadata.xml of the SAML Metadata URL from your SAML Single Sign On config page.
      • Move the saved metadata.xml to your ADFS on a location your choice.

...

  • Open the AD FS 2.0 Management Console and select Add Relying Party Trust to start the Add Relying Party Trust Wizard.

      Image RemovedImage Added


  • Click the Start Button to start the wizard.

      Image RemovedImage Added

Substep C: Insert your SAML Metadata

Expand
titleDo Substep C1 if you completed Step A1.

Substep C1:

  • Select Import data about the relying party published online or on a local network and paste in the SAML Meta-URL from JIRA in the Federation metadata address (host name or URL) field.
  • Click Next.

      Image RemovedImage Added


Info
If an error is appeared after clicking on Next button, check the connection from ADFS to the JIRA instance. If you can't build up a connection, start a new wizard and begin with Step A2.
Expand
titleDo Substep C2 if you completed Step A2.

Substep C2:

  • Select Import data about the relying party from file and browse to your metadata.xml location with the Browse... button or fill in your location directly.
  • Click Next.

      Image RemovedImage Added

Back to Top


Substep D: Finish the Add Relying Party Trust Wizard

  • Fill the field Display name with a name of your choice.
  • Click Next.

      Image RemovedImage Added


  • Select I do not want to configure multi-factor authentication settings for this relying party trust at this time.
  • Click Next.

      Image RemovedImage Added


  • Select Permit all users to access this relying party.
  • Click Next.

      Image RemovedImage Added


  • Click Next.

      Image RemovedImage Added      


Info
If an error is appeared after clicking on Next button, check if you have added the same relying party already.
  • Check the Open the Edit Claim Rules dialog for this relying party trust then the wizard closes checkbox to open the Edit Claim Rules dialog after closing the wizard.
  • Click Close to finish the Add Relying Party Trust Wizard.

      Image RemovedImage Added   

Back to Top

...

Substep E: Add Name ID as Claim Rule

JIRA needs a Name ID (on the normal case) from the SAML Response to authenticate users. So we need to add a claim rule on ADFS, which add the Name ID in every SAML Response from ADFS.    

Expand
titleIf you didn't tick "Open the Edit Claim Rules dialog...", then it's necessary to open it manually for your Relying Party Trust, following steps here.
  • Navigate to ADFS → Trust Relationships → Relying Party Trusts on the left Navigation panel.
  • Select your Relying Party Trust.
  • Click on Edit Claim Rules... on the right Actions panel.

Image RemovedImage Added

Otherwise, continue from below.

  • Click the Add Rule... Button to open the Add Transform Claim Rule Wizard

      Image RemovedImage Added


  • Select Send LDAP Attributes as Claims in the Claim rule template drop-down list.
  • Click Next.

      Image RemovedImage Added


  • Fill the field Claim rule name with a name your choice.
  • Select Active Directory in the Attribute store drop-down list.
  • Select your appropriate LDAP Attribute in the first drop-down field from LDAP Attribute (Select or type to add more). In this example we are using the Windows login name attribute SAM-Account-Name as Name ID.
  • Select Name ID in the first drop-down field from Outgoing Claim Type (Select or type to add more).
  • Click Finish to complete the Add Transform Claim Rule Wizard.

      Image RemovedImage Added

  • Check if your new rule has been added to the Edit Claim Rules dialog. Try again Step E if it has failed.
  • Click Apply to save your settings.
  • Click OK to finish.

      Image RemovedImage Added


Back to Top

Step 3: Configure the Plugin   
Anchor
Step3
Step3

...

  • Click the URL radio-button and paste the Metadata URL into the field below.
  • Check Accept all if your IdP's https-certificate is not in your JIRA instance's trust store.
  • Click on Load.

      Image RemovedImage Added


Substep B: Configure general JIRA groups in Advanced IdP Settings

...

  • Click on show Advanced IdP Settings, find User Group in the drop down menu. 

Image RemovedImage Added


  • Click Save settings to store the configuration

Image RemovedImage Added

Back to Top

Step 4: Test 
Anchor
Step4
Step4

...

After testing, you can enable the login page redirection to finally activate the plugin. After checking the Enable SSO Redirect checkbox and clicking Save settings, requests to the JIRA login page should be redirected to the ADFS.

Image RemovedImage Added


Info

If Enable SSO Redirect is enabled, you can login to JIRA manually by browsing https://<your-JIRA>/login.jsp?nosso. Use this URL if you need to login a local user unknown to the ADFS or if there are any issues with Single Sign On.

...