This setup guide assumes that Kantega SSO is installed as an add-on to your Atlassian product (Jira, Confluence, Bitbucket, Bamboo, or FeCru).
Context: This setup starts in the Configuration page of the Kantega SSO add-on. This configuration page can be found by pressing "Configure" on "Kantega Single Sign-On (SSO)" in the list of installed add-ons.
Log into Keycloak and select your realm. We are using the realm example.com.
Prior to this guide, User Federation with LDAP has been set up in Keycloak against the Active Directory domain example.com. This allows the same users and groups to be provisioned into Jira/Confluence/etc. using an LDAP user directory. If you cannot use LDAP, you will need to use SAML JIT provisioning instead, which makes Kantega SSO create new users in the Internal Directory the first time they log in. We'll get into the details later.
We will configure userPrincipalName as the Keycloak username attribute. These settings are found under User Federation for the example.com realm in Keycloak.
Username LDAP attribute: userPrincipalName
RDN LDAP attribute: userPrincipalName
LDAP Mappers, username, LDAP Attribute: userPrincipalName
In Kantega Single Sign-On, add an identity provider of the type "Any SAML 2.0 Identity Provider".
Mappers are only needed if you want to have users automatically created on login using SAML JIT provisioning. Mappers make Keycloak include the SAML Response attributes required to create new users in the Internal Directory. If users already exist in Jira (using LDAP or some other means of provisioning), you can skip this step.
Create mapper for lastName:
Create mapper for givenName:
Create mapper for email:
Create mapper for managed group claims:
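An added example, not from the Kantega or Keycloak documentation: a check that a decoded SAML Response carries the attributes the mappers above are meant to add, so a missing mapper is found before JIT provisioning fails at login. The attribute names are assumptions taken from the mapper names in this guide, and `groups` is a hypothetical name for the managed group claim.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Assumed attribute names: the first three follow the mapper names in this guide;
# "groups" is a hypothetical name for the managed group claim.
REQUIRED = ("givenName", "lastName", "email")
GROUP_ATTR = "groups"

# Constructed sample: the assertion part of a decoded SAML Response (lastName mapper missing).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="givenName"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>jira-users</saml:AttributeValue>
      <saml:AttributeValue>confluence-users</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def read_attributes(xml_text):
    """Return {attribute name: [values]} for every saml:Attribute in the document.

    Diagnostic only: parses a response you captured yourself and does not
    validate the signature.
    """
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iter("{%s}Attribute" % NS["saml"]):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        # An IdP may repeat an Attribute element once per value; merge by name.
        attrs.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    return attrs


def jit_report(xml_text):
    """Report required attributes that are absent or empty, and the groups found."""
    attrs = read_attributes(xml_text)
    missing = [name for name in REQUIRED if not attrs.get(name)]
    return {"missing": missing, "groups": attrs.get(GROUP_ATTR, [])}


if __name__ == "__main__":
    print(jit_report(SAMPLE))
```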
After finishing the wizard, you will be sent to the test pages to finalize the setup. Here, you may also perform additional configuration. Follow this generic introduction to the test pages and final configuration. AD FS is used as the example here.