JIRA6 Plugin-Free Single Sign-On

# Description

This document describes how to implement SAML authentication integration for JIRA6 without using plugins.

JIRA and Confluence versions 7.0 and above come with built-in SSO 2.0 configuration. Please refer to JIRA & Confluence Single Sign-On Configuration.

For SSO plugin configuration, please refer to JIRA & Confluence SAML Plugin Authentication.

# Authentication Configuration

# JIRA Configuration

  1. Place the customauth-jira-6.1.2.jar into the lib folder under WEB-INF.

  2. Place the jira_onelogin.xml file into the bin directory and the directory above bin.

  3. Check the xml content to obtain the parameter information.

  4. Parameter configuration is as follows:

    | Parameter | Parameter Description |
    | --- | --- |
    | certificate | IDP certificate in IDaaS |
    | assertion (Assertion Consumer Service URL) | http://jira_address/secure/Dashboard.jspa or https://jira_address/secure/Dashboard.jspa |
    | issuer | Same as above |
    | ssotarget | SSO URL in the IDP configuration within IDaaS |

  5. To download the IDP metadata for IDaaS, please visit https://{your_domain}/api/v1/saml2/idp/metadata.

  6. Modify the seraph-config.xml file in the classes directory, adding the following content:

    <authenticator class="com.onelogin.jira.saml.SSOAuthenticator"/>
    
  7. Modify dashboard.jsp in the secure\views directory, adding the following content:

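    <%
      // If a destination URL is stored in the session, redirect the user to it.
      if (request.getSession().getAttribute("os_destination") != null) {
          String os_destination = request.getSession().getAttribute("os_destination").toString();
          // Clear the stored destination so it is used only once.
          request.getSession().setAttribute("os_destination", null);
          response.sendRedirect(os_destination);
      }
    %>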
    
  8. Modify loginform.jsp in the include directory, adding the following content:

    <%@ page import="com.onelogin.jira.saml.SSOAuthenticator" %>
    <%
      if (request.getParameter("SAMLResponse") == null) {
          // No SAML response on this request: redirect to the URL held in the "reqString" session attribute.
          String redirectURL = request.getSession().getAttribute("reqString").toString();
          response.sendRedirect(redirectURL);
      } else {
          if (jiraAuthenticationContext.getLoggedInUser() != null) {
              // Already logged in: go to the stored destination, or to the root path if none is stored.
              if (request.getSession().getAttribute("os_destination") != null) {
                  String os_destination = request.getSession().getAttribute("os_destination").toString();
                  response.sendRedirect(os_destination);
              } else {
                  response.sendRedirect("/");
              }
          }
      }
    %>

# IDaaS Configuration

  1. Add the built-in application JIRA.

  2. Configure application parameters.

    | Parameter | Description |
    | --- | --- |
    | SP Entity ID | Jira base access URL (This URL is obtained from the assertion in jira_onelogin.xml) |
    | ACS URL | Base access URL (This URL is obtained from the assertion in jira_onelogin.xml) |
    | Audience URI | Base access URL (This URL is obtained from the assertion in jira_onelogin.xml) |
    | NameID Format | Select urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified |
    | Name ID | Account name |

  3. In the built-in applications, select the JIRA icon, then choose [Authorization Management] --> Add account.

    The application account name here must match the Username in JIRA.

# Login Verification

After configuring SAML authentication, JIRA's username and password login entry will become unavailable.