JIRA SSO Plugin from Resolution GmbH also enables you to SAML Single Sign On (SSO) to JIRA Service Desk.
Starting with version 0.13, JIRA SAML Single Sign On (SSO) allows authenticating users on the JIRA 7 Service Desk Customer portal (https://<jira>/Servicedesk/Customer/portal).
Existing users can be authenticated (and updated) and new users can be created on the fly during login (see Create or update users with data from a SAML response).
In general, users will be assigned to groups that are included in the SAML-Response from the IdP. In addition to these groups, Customers will be added to the group specified in the configuration field JIRA SD Customer Groups:
The SAML SSO Authenticator
JIRA 6.4 allowed a workaround to authenticate Service Desk users which could be implemented within the SAML Single Sign On-plugin. Starting with JIRA 7, this no longer works.
Now it's necessary to install this authenticator: samlsso-authenticator-1.1.1.jar
Copy the JAR file to your JIRA installation directory under
<!-- Comment out the JiraSeraphAuthenticator --> <!-- <authenticator class="com.atlassian.jira.security.login.JiraSeraphAuthenticator"/> --> <!-- Add this line to enable the JiraSsoAuthenticator --> <authenticator class="com.resolution.samlsso.authenticator.JiraSsoAuthenticator"/>
- Restart JIRA to enable this change.
If the authenticator is installed correctly, the information "The SAMLSSOAuthenticator is installed in this system." should be displayed:
Adding this Authenticator should have no impact on an existing system. It inherits from JiraSeraphAuthenticator and adds an additional method to create one-time tokens.
This method is called by the SAMLSSO-Servlet within the Plugin and the retrieved token is added to a redirected request to perform the authentication.