Problem
We've noticed that if we log in using SSO to our ADFS with a jira-administrator (or confluence) user, when we try to go to an administration page, we are prompted to re-enter the user password. Why the SAML Single Sign On plugin does not perform the authentication process ?
Solution
The WebSudo component does not use the SAML SSO Plugin for authentication. You essentially have two options.
...
- Disable WebSudo: https://confluence.atlassian.com/jira/configuring-secure-administrator-sessions-231343939.html#ConfiguringSecureAdministratorSessions-DisablingSecureAdministratorSessions
- Use local Admin Users, with a local password in the Jira/Confluence Database
A little more background:
There isn’t a good Way to implement SSO with WebSudo. Lets assume we could have WebSudo do single sign on … what would happen then is:
...
To out knowledge there is no Way via SAML Protocol to force the IdP to ask for the Password again – since our plugin can’t know the password (that would defeat the whole SAML Security architecture) we have no other Way than sending the request to the IdP.
Related articles
| Filter by label (Content by label) | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...