Page tree

Kerberos alert on 2018-09-05: Chrome 69 breaks Kerberos for CNAME setups. We've published a quick workaround guide: https://docs.kantega.no/display/KA/Temporary+workaround+for+Chrome+69+CNAME+regression





Skip to end of metadata
Go to start of metadata

Introduction

This guide provides step-by-step instructions on how to add Bitiumas an identity provider in JIRA using Kantega Single Sign-on.
The guide can also be used when setting up SAML with Confluence, Bitbucket, Bamboo and FeCru.

Add an App in Bitium

  • Navigate to Apps, then select Add an App
  • Search for and select saml sp

Naming the application

  • Give your application a name.
  • Select your preferred Type. E.g. Individual Account.
  • Press Install App.

Assign Users (Subscribers)

  • Select Assign Users.
  • Select the preferred accounts.
  • Choose a username for the selected accounts.
  • Press Done.

Adding an identity provider

In Kantega Single Sign-on add an identity Provider of the type "Any SAML 2.0 Identity Provider".

Prepare

  • Copy the ACS URL.
  • Press Next.


Configure the Single Sign-on App in Bitium

  • In Apps Overview, select the App you just created.
  • Select Single Sign-on.
  • Paste the ACS URl from the previos step into SAML URL.


Download Bitium Metadata

  • If your server has Internet access, copy the metadata URL. (Preferred)
  • If the server does not have Internet access, download the metadata.

Metadata import

  • Import the metadata using one of the options.
  • Pres Next.


Location

  • Give the Identity Provider a name. (Depending on your redirect mode, this name may be visible to end users.)
  • The SSO Redirect URL is automatically imported when using metadata.
  • Press Next.



Signature

  • Review the imported signing certificate. (This step is purely informatinal.)
  • Press Next.


Users

  • Select whether users already exist or if you wish to have users automatically created upon login.
  • Note that for users to be created, a name, username and an email must be sent in the SAML response.
  • Optionally assign a default group for new users.


Summary

  • Review the Summary.
  • Press Finish.

Testing/configuring the identity provider 

  • The test page is anonymously accessible. This means that the identity provider admin does not need to have JIRA access to perform the login test.

  • Open the login test URL in a private / incognito browser window and perform a test logon.


The following shows a successful login test. 

SSO test results

  • After a test logon is performed, go back to Test Results and select Results.


  • Add the domain as a known domain.


  • Choose the preferred SAML username attribute.
  • If a SAML username attribute matches an already existing user, the test will present the following message:

Redirect mode

After setting up SSO choose a redirect mode that best fit your use case. 


Users should now be able to log into JIRA using their Bitium account.

  • No labels