Relatert bilde

Setup guide for Keycloak login with Atlassian server and datacenter products.


This setup guides assumes that Kantega SSO is installed as an add-on to your Atlassian product (JiraConfluenceBitbucketBamboo, or FeCru).

Context: This setup starts in the Configuration page of the Kantega SSO add-on. This configuration page can be found by pressing "Configure" on "Kantega Single Sign-On (SSO)" in list of installed add-ons.




Log into Keycloak admin 

Log into Keycloak and select your realm. We are using the realm example.com


Prior to this guide, User Federation with LDAP has been set up in Keycloak, against the Active Directory domain example.com. This allows provision of the same users and groups into Jira/Confluence/etc using an LDAP user directory. If you cannot use LDAP, you will need to use SAML JIT provisioning instead. This makes Kantega SSO create new users in Internal Directory the first time they log in. We'll get into the details later.

User Federation

We will configure userPrincipalName as the Keycloak username attribute. These settings are found under User Federation for the example.com realm in Keycloak.

Settings:
Username LDAP attribute: userPrincipalName
RDN LDAP attribute: userPrincipalName

Mappers:
LDAP Mappers,username, LDAP Attribute: userPrincipalName

Adding an Identity Provider

In Kantega Single Sign-on add an identity Provider of the type "Any SAML 2.0 Identity Provider".

Prepare

Add a Client in Keycloak


Settings

Mappers

Mappes are only needed if you want to have users automatically created on login using SAML JIT provisioning. Mappers make Keycloak include the SAML Response attributes required to create new users in the Internal Directory. If users already exist in JIRA (using LDAP or some other means of provisioning), you can skip this step.


Create mapper for lastName:

Create mapper for givenName

Create mapper for email:

Create mapper for managed group claims:

Metadata import

Location

Signature

Users

Summary

Testing/configuring the identity provider

After finishing the wizard, you will be sent to the test pages to finalize the setup. Here, you may also perform additional configuration. Follow this generic introduction to the test pages and final configuration. AD FS is used as the example here.