
Kerberos alert on 2018-09-05: Chrome 69 breaks Kerberos for CNAME setups. We've published a quick workaround guide: https://docs.kantega.no/display/KA/Temporary+workaround+for+Chrome+69+CNAME+regression






Introduction

This guide provides step-by-step instructions on how to add AuthAnvil as an identity provider in JIRA using Kantega Single Sign-on.

The guide can also be used when setting up SAML with Confluence, Bitbucket, Bamboo and FeCru.

Add a new Application

Navigate to SSO Manager and press the green plus at the bottom right, then select the paper icon.

 


From the Library, add a Custom Application.

Application Configuration 

  • Start by giving your application a name.
  • Select your preferred authentication policy.

Adding an identity provider

In Kantega Single Sign-on, add an identity provider of the type "Any SAML 2.0 Identity Provider".


Prepare

Copy the ACS URL and Entity ID. These values are used in the next step.

Protocol Setup

  • In AuthAnvil, navigate to "Protocol Setup".
  • Paste the values from the prepare step into the corresponding fields.
  • Press "Add application". 

Attribute Transformation

By default, AuthAnvil will only send the Name ID SAML attribute.

If you want automatic user creation, the attributes email and DisplayName must be added. 

  • In "Attribute Transformation", press "Add custom Attribute Map".
  • Add your preferred attributes. (See example below.)
  • Save the changes.

Permissions

Select which users should be able to log into the SAML application.

  • Navigate to Permissions.
  • Press "Add Groups" to assign permissions to the application.
  • Select an already existing group or create a new one.
  • Save the changes.

Federation Metadata

  • Go to Protocol Setup.
  • Press "View Federation Metadata".
  • Copy the metadata URL that opens and save it for the next step.

Metadata import

  • In Kantega Single Sign-on, go to the metadata import step.
  • Paste the metadata URL from the previous step.
  • Press Next.

Location

  • Give the Identity Provider a name. (This name is visible to end users.)
  • The SSO Redirect URL is automatically imported from the metadata.
  • Press Next.

Signature

  • Review the imported signing certificate. (This step is purely informational.)
  • Press Next.

Users

  • Select whether users already exist or if you wish to have users automatically created upon login.
  • Note that for users to be created, a name, username and an email must be sent in the SAML response. (See previous instructions.)
  • Optionally assign a default group for new users.
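
To check the attribute requirements described under Attribute Transformation and Users, the following added example (not part of the original guide, nor Kantega or AuthAnvil code) decodes a base64 SAMLResponse captured from a test login and reports which of NameID, email and DisplayName are missing. It assumes an unencrypted assertion, attribute names exactly as written in this guide, and that NameID carries the username; it does not verify the signature, and the sample responses are constructed.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute names from this guide; NameID is assumed to carry the username.
REQUIRED_ATTRIBUTES = ("email", "DisplayName")


def parse_saml_response(b64_response):
    """Return (name_id, {attribute: [values]}) from a base64 SAMLResponse."""
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no unencrypted Assertion found in the response")
    name_id = assertion.findtext("saml:Subject/saml:NameID", "", NS).strip()
    attrs = {}
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = [v for v in values if v]
    return name_id, attrs


def missing_for_user_creation(b64_response):
    """List the fields that are absent or empty, so auto-creation would fail."""
    name_id, attrs = parse_saml_response(b64_response)
    missing = [] if name_id else ["NameID"]
    return missing + [a for a in REQUIRED_ATTRIBUTES if not attrs.get(a)]


def build_sample(attributes):
    """Constructed, unsigned test response; all values are made up."""
    attr_xml = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue>'
        "</saml:Attribute>" for n, v in attributes.items())
    stmt = f"<saml:AttributeStatement>{attr_xml}</saml:AttributeStatement>" if attr_xml else ""
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
           "<saml:Assertion><saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject>"
           f"{stmt}</saml:Assertion></samlp:Response>")
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    print("NameID only:", missing_for_user_creation(build_sample({})))
    mapped = build_sample({"email": "jdoe@example.com", "DisplayName": "Jane Doe"})
    print("with attribute map:", missing_for_user_creation(mapped))
```

Run it only on responses captured from your own test logins; a response with only the default Name ID reports both email and DisplayName as missing.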

Summary

  • Review the Summary.
  • Press Finish.

Testing/configuring the identity provider 

  • The test page is anonymously accessible. This means that the identity provider admin does not need to have JIRA access to perform the login test.

  • Open the login test URL in a private / incognito browser window and perform a test logon.


The following shows a successful login test. 

SSO test results

  • After a test logon is performed, go back to Test Results and select Results.


  • Add the domain as a known domain.



Redirect mode

After setting up SSO, choose the redirect mode that best fits your use case.

Users should now be able to log into JIRA using their AuthAnvil account.



