You are viewing the Kantega SSO legacy documentation. The new documentation site is: https://kantega-sso.atlassian.net/wiki/x/hwAb

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: fikset feil sidetittel

Remember My Login

Jira and Jira Service Desk dashboards and views frequently use XHR/REST calls to retrieve and update data. Unfortunately, the page logic generally doesn't handle session timeouts in a good way. Views simply become non functional without any user feedback at all, with multiple screens that simply stop functioning and the only explanation to be found in the Browser's Javascript console.. Clicking menu items, links or buttons simply doesn't do anything, and the user has to manually refresh the page to trigger re-authentication to make things work again. 

If this is a problem for your users, you can mitigate it by enabling "Remember My Login" (RML) in Kantega Single Sign-on. This will make Jira remember all SSO users in the same way as a user checking the if they had checked "Remember my login" checkbox available for during regular username and password authentication. Jira has a 5 hour session timeout by default. With RML enabled, users effectively stay logged in for two weeks by default, making session timeouts a far more rare occurrence. Note: There is one major caveat, which is why this isn't enabled by default. With RML for SSO enabled, users will The caveat is that users now only need to authenticate check in with the IDP/SSO once every two weeks . In other words, responsibility and control is taken away from IDP. or so. You should consider if this carefully is acceptable before choosing deciding to enable RML for SSO. It may be a non-issue, but if your access control policy strategy relies heavily relies on the IDP sideallowing access at login-time, you probably do not want to enable RML for your SSO users.

Knowledge base

By integrating Jira Service Desk and Confluence, the customer portal can automatically provide links to relevant knowledge base content in Confluence. This allows users to troubleshoot and potentially solve the issue on their own, or at least to further refine the ticket.  

...

There are several ways to tune the behaviour of logins into JSD. If you, for instance, would like to have Kerberos only from your LAN, you can set up IP address restrictions. Also, if you have multiple SAML identity providers you can setup redirection rules for users based on their email domain, user directory associations and group memberships.

Knowledge base permissions

Setup of Confluence as a knowledge base is very easy if the documentation is public and does not require authentication. However, this it not the case for many organizations. It is a common scenario that knowledge base articles should be available through the customer portal/service desk, but at the same time require authentication for users accessing this content in Confluence directly.

...