We've noticed that if we log in using SSO with a jira/confluence-administrator user, when we try to go to an administration page, we are prompted to re-enter the user password. Why does the SAML Single Sign On plugin not perform the authentication process?
The WebSudo component does not use the SAML SSO Plugin for authentication. You essentially have two options.
- Log in with (or create) a normal administrator account that has a JIRA/Confluence password, and use it to access the administration section.
- Disable WebSudo: https://confluence.atlassian.com/adminjiraserver074/configuring-secure-administrator-sessions-881684205.html
A little more background on what would happen if WebSudo used SSO:
- You log in to Confluence/Jira via SSO, entering your username and password at the IdP (if you weren't already authenticated there).
- Once you want to become admin, WebSudo would send you to the IdP for authentication.
- The IdP sees you are already authenticated and sends you back to Jira/Confluence as AUTHENTICATED, WITHOUT asking you for the password again.
- You are then in the admin section without having entered a password again.