Child pages
  • Integrate with Atlassian Jira and Confluence

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3
Info
titleAbout this Howto

This Howto describes how to enable SSO for JIRA/Confluence and other apps utilizing Atlassian Seraph.

Sources

The sources are available from the ForgeRock Subversion Repository in community/extensions/seraphprovider. For more information on checking out this code please read this howto.

Build

Use maven 2.x, all artifacts should be already configured in the pom.xml. By default the pom is configured to use snapshot9, but you should update to reflect the version of OpenAM deployed.

JIRA

Install

  1. Copy the OpenAM client sdk to atlassian-jira/WEB-INF/lib/
  2. Create/copy an AMConfig.properties to atlassian-jira/WEB-INF/classes/ (or somewhere in the classpath)

    Info
    titleCreating an AMConfig.properties file

    To create an AMConfig.properties file you can simply run scripts/setup.sh from the client SDK samples. More information for the client SDK is on the Oracle Site. Additionally more specific information about the AMConfig.properties file is also available.

  3. Copy this projects jar to atlassian-jira/WEB-INF/lib/
  4. edit atlassian-jira/WEB-INF/classes/seraph-config.xml
Code Block
<param-name>login.url</param-name>
<param-value>http://yourlogin.yourdomain.com/openam/UI/Login?goto=${originalurl}</param-value>

<param-name>link.login.url</param-name>
<param-value>http://yourlogin.yourdomain.com/openam/UI/Login?goto=${originalurl}</param-value>

<param-name>logout.url</param-name>
<param-value>http://yourlogin.yourdomain.com/openam/UI/Logout</param-value>

In older versions of Jira comment out this line

Code Block
<!-- COMMENT OUT THIS LINE authenticator class="com.atlassian.seraph.auth.DefaultAuthenticator"/-->

In newer versions of Jira you will need to comment out this line:

Code Block
<!-- <authenticator class="com.atlassian.crowd.integration.seraph.JIRAAuthenticator"/> -->

For very old versions of Jira, add this line.

Code Block
<authenticator class="com.sun.identity.provider.seraph.OpenSsoAuthenticator"/>

For recent versions of Jira, add this line.

Code Block
<authenticator class="com.sun.identity.provider.seraph.OpenSsoJiraAuthenticator"/>

You will need to restart JIRA for changes to take effect.

Additional Steps

You may need to do one of two things:

  1. If you have a public JIRA, you're done.  Although you will still see the login form so you may want to remove that template.
  2. If you have a private JIRA and always to be redirected to SSO - see no login form/links -

add to atlassian-jira/WEB-INF/classes/seraph-paths.xml

Code Block
<path name="user">
<url-pattern>/*</url-pattern>
<role-name>user</role-name>
</path>

Confluence 3.0 and greater

Installation is much the same for Confluence. 

Install

  1. Copy the OpenAM client sdk to atlassian-confluence/WEB-INF/lib/
  2. Create/copy an AMConfig.properties to atlassian-confluence/WEB-INF/classes/ (or somewhere in the classpath)
  3. Copy this projects jar to atlassian-confluence/WEB-INF/lib/
  4. edit atlassian-confluence/WEB-INF/classes/seraph-config.xml
  5. Update the login.url, link.login.url and logout.url parameters as before. 

Comment out this line.

Code Block
<!-- &nbsp;<authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/> -->

replace with this:

Code Block
<authenticator class="com.sun.identity.provider.seraph.OpenSsoConfluenceAuthenticator"/>

You will need to restart Confluence for changes to take effect.