Versions Compared

Old Version 13

changes.mady.by.user Christian Reichert

Saved on

compared with

New Version 14

changes.mady.by.user Huiyi Lin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...


Warning

!!! We are currently migrating this Cloud Instance to our own hosted Server instance !!!

Please follow this link to get to the content you wanted: https://wiki.resolution.de/x/EACxAQ

Thanks for your understanding.

...

Before version 0.14.3, no groups were assigned to SD Customer-users. Starting with 0.14.3, users are assigned to the groups included in the SAML-Response from the IdP. They are not  assigned to the groups specified in the Groups parameter in the IdP settings. This allows to add regular users to groups like jira-software-users by default (what causes a license to be consumed).

The SAML SSO Authenticator

JIRA 6.4 allowed a workaround to authenticate Service Desk users which could be implemented within the SAML Single Sign On-plugin. Starting with JIRA 7, this no longer works.

Now it's necessary to install this authenticator: samlsso-authenticator-1.1.1.jar

Warning

With versions prior to 1.1, directory sync issues could occur if JIRA is used as user directory for other applications like Confluence. Please ensure to have the JAR updated.

To install it copy the JAR file to your JIRA installation directory under <jira-installation>/atlassian-jira/WEB-INF/lib and modify  <jira-installation>/atlassian-jira/WEB-INF/classes/seraph-config.xml:

Code Block
<!-- Comment out the JiraSeraphAuthenticator -->
<!-- <authenticator class="com.atlassian.jira.security.login.JiraSeraphAuthenticator"/> -->
<!-- Add this line to enable the JiraSsoAuthenticator -->
<authenticator class="com.resolution.samlsso.authenticator.JiraSsoAuthenticator"/>
Warning

If there are older samlsso-authenticator-jars in the lib-folder, insure to delete those. There must be only one version on the classpath.

Restart JIRA to enable this change.

Adding this Authenticator should have no impact on an existing system. It inherits from JiraSeraphAuthenticator and adds an additional method to create one-time tokens.

This method is called by the SAMLSSO-Servlet within the Plugin and the retrieved token is added to a redirected request to perform the authentication.