...
...
Warning |
---|
!!! We are currently migrating this Cloud Instance to our own hosted Server instance !!!Please follow this link to get to the content you wanted: https://wiki.resolution.de/x/EACxAQThanks for your understanding. |
...
Before version 0.14.3, no groups were assigned to SD Customer-users. Starting with 0.14.3, users are assigned to the groups included in the SAML-Response from the IdP. They are not assigned to the groups specified in the Groups parameter in the IdP settings. This allows to add regular users to groups like jira-software-users by default (what causes a license to be consumed).
The SAML SSO Authenticator
JIRA 6.4 allowed a workaround to authenticate Service Desk users which could be implemented within the SAML Single Sign On-plugin. Starting with JIRA 7, this no longer works.
Now it's necessary to install this authenticator: samlsso-authenticator-1.1.1.jar
Warning |
---|
With versions prior to 1.1, directory sync issues could occur if JIRA is used as user directory for other applications like Confluence. Please ensure to have the JAR updated. |
To install it copy the JAR file to your JIRA installation directory under <jira-installation>/atlassian-jira/WEB-INF/lib
and modify <jira-installation>/atlassian-jira/WEB-INF/classes/seraph-config.xml:
Code Block |
---|
<!-- Comment out the JiraSeraphAuthenticator -->
<!-- <authenticator class="com.atlassian.jira.security.login.JiraSeraphAuthenticator"/> -->
<!-- Add this line to enable the JiraSsoAuthenticator -->
<authenticator class="com.resolution.samlsso.authenticator.JiraSsoAuthenticator"/> |
Warning |
---|
If there are older samlsso-authenticator-jars in the lib-folder, insure to delete those. There must be only one version on the classpath. |
Restart JIRA to enable this change.
Adding this Authenticator should have no impact on an existing system. It inherits from JiraSeraphAuthenticator and adds an additional method to create one-time tokens.
This method is called by the SAMLSSO-Servlet within the Plugin and the retrieved token is added to a redirected request to perform the authentication.