Configuring our app
Goal
After completing this guide, your Amazon load balancer will work with the AWS ALB & Amazon Cognito Authentication app.
Prerequisites
This guide assumes the following:
You have set up a Jira or Confluence instance on AWS with an ALB or ELB load balancer
You have set up either Amazon Cognito or OIDC with your load balancer
An Azure AD subscription
A (trial) subscription for the AWS ALB Auth app
Admin access to your Atlassian product and AWS
Guide
Go to the AWS ALB & Amazon Cognito Authentication configuration and choose the Azure preset.

This tutorial assumes that the username is sent in the x-amzn-oidc-accesstoken header via a claim called upn. If that does not match your setup, you can change the header and the claim used via the Token Header Name and Username Claim options.
Note that the claim upn is not a standard Azure claim, so you must configure it.
This app automatically checks the signature of the x-amzn-oidc-data token. Additionally, you can check the issuer of this token, as well as the Amazon Resource Name (ARN) of the load balancer that sends the header.

The Issuer can be found in the OIDC settings of your load balancer authentication rule.
The ARN can be found in the Description tab of your Load Balancer in AWS.
Finally, click Save to save the configuration.
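To make the signature, issuer and ARN checks described above concrete, here is an added Node.js sketch of validating an x-amzn-oidc-data value; it is not the app's own code. The getKey lookup, the key pair, the ARN, the issuer URL and the claims are constructed for the example; on a real deployment the key is the load balancer's public key for the token's kid.

```javascript
const nodeCrypto = require('crypto');

// Decode one JWT segment; ALB keeps '=' padding on its base64url segments.
const unpad = (s) => s.replace(/=+$/, '');
const decodeSegment = (s) => JSON.parse(Buffer.from(unpad(s), 'base64url').toString('utf8'));

// Validate an x-amzn-oidc-data value and return its claims.
// getKey(kid) is a hypothetical lookup returning the ALB public key for that key id.
function verifyAlbToken(token, { expectedSigner, expectedIssuer, getKey, now = Date.now() / 1000 }) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const header = decodeSegment(parts[0]);
  if (header.alg !== 'ES256') throw new Error('unexpected alg');
  // Reject tokens minted by any other load balancer or identity provider.
  if (header.signer !== expectedSigner) throw new Error('unexpected signer');
  if (header.iss !== expectedIssuer) throw new Error('unexpected issuer');
  if (!(Number(header.exp) > now)) throw new Error('token expired');
  // ES256 signatures in JWTs are raw r||s (IEEE P1363), not DER.
  const ok = nodeCrypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`),
    { key: getKey(header.kid), dsaEncoding: 'ieee-p1363' },
    Buffer.from(unpad(parts[2]), 'base64url'));
  if (!ok) throw new Error('bad signature');
  return decodeSegment(parts[1]); // claims are parsed only after the signature holds
}

// ---- Constructed sample data: throwaway key, made-up ARN and issuer ----
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const SIGNER = 'arn:aws:elasticloadbalancing:eu-west-1:111122223333:loadbalancer/app/example-alb/0123456789abcdef';
const ISSUER = 'https://idp.example.test/constructed-tenant/v2.0';
const pad = (s) => s + '='.repeat((4 - (s.length % 4)) % 4);
const encode = (obj) => pad(Buffer.from(JSON.stringify(obj)).toString('base64url'));

// Build a signed sample token; headerOverrides lets a caller simulate a bad field.
function makeSampleToken(headerOverrides = {}) {
  const header = { alg: 'ES256', kid: 'constructed-kid', signer: SIGNER, iss: ISSUER,
    client: 'constructed-client', exp: Math.floor(Date.now() / 1000) + 120, ...headerOverrides };
  const input = `${encode(header)}.${encode({ sub: 'constructed-sub', email: 'alice@example.test' })}`;
  const sig = nodeCrypto.sign('sha256', Buffer.from(input), { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${input}.${pad(sig.toString('base64url'))}`;
}

const checks = { expectedSigner: SIGNER, expectedIssuer: ISSUER, getKey: () => publicKey };
console.log(verifyAlbToken(makeSampleToken(), checks).email);
```

The signer and issuer comparisons are exact string matches, so the values entered in the configuration must match the load balancer ARN and the OIDC issuer character for character.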





