Important Update! This app will be discontinued soon!
We've made the tough business decision to discontinue the app, as of January 11, 2025.
Configuring our app
Goal
After completing this guide, your Amazon load balancer will work with the AWS ALB & Amazon Cognito Authentication app.
If you want to create users during login based on the JWT sent by your load balancer, or set up UserSync to connect via your identity provider, please see User Provisioning.
Prerequisites
This guide assumes the following:
- You have set up a Jira or Confluence instance on AWS with an ALB or ELB load balancer
- You have set up either Amazon Cognito or OIDC with your load balancer
- An Azure AD subscription
- A (trial) subscription for the AWS ALB Auth app
- Admin access to your Atlassian product and AWS
Guide
- Go to the AWS ALB & Amazon Cognito Authentication configuration and choose the Azure preset.
- This tutorial assumes that the username is sent in the x-amzn-oidc-accesstoken header via a claim called upn. If that does not match your setup, you can change the header and the claim used via the Token Header Name and Username Claim options.
  Note that upn is not a standard claim in Azure, so you must configure it.
- This app automatically checks the signature of the x-amzn-oidc-data token. You must also enter the Issuer and the Amazon Resource Name (ARN). Follow the instructions below to find them.
  The Issuer can be found in the OIDC settings in your load balancer authentication rule.
  The ARN can be found in the Description tab of your Load Balancer in AWS.
- Finally, click Save to save the configuration.
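A sketch of the checks described above for the x-amzn-oidc-data token (pinned ES256 signature, Issuer, ARN), followed by reading upn from the access token. It is added here as an example and is not the app's own code. It assumes the token header fields alg, signer, iss and exp that AWS documents for ALB authentication; the function names, the key and all sample values are constructed for illustration.

```javascript
const crypto = require('crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');
const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Verify an x-amzn-oidc-data token against the configured Issuer and ARN.
function verifyAlbData(token, publicKey, expected, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const header = decode(parts[0]);
  // Pin the algorithm instead of trusting whatever the token announces.
  if (header.alg !== 'ES256') throw new Error('unexpected alg');
  if (header.signer !== expected.arn) throw new Error('signer mismatch');
  if (header.iss !== expected.issuer) throw new Error('issuer mismatch');
  if (!(Number(header.exp) > nowSec)) throw new Error('expired');
  // JWS ES256 signatures are raw r||s, hence dsaEncoding 'ieee-p1363'.
  const ok = crypto.verify('sha256', Buffer.from(parts[0] + '.' + parts[1]),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(parts[2], 'base64url'));
  if (!ok) throw new Error('bad signature');
  return decode(parts[1]);
}

// Read the username claim from the x-amzn-oidc-accesstoken value.
// Decoded only: this sketch does not verify the identity provider's signature on it.
function usernameFrom(accessToken, claim = 'upn') {
  const parts = accessToken.split('.');
  if (parts.length !== 3) throw new Error('malformed access token');
  const name = decode(parts[1])[claim];
  if (typeof name !== 'string' || name === '') throw new Error('missing claim ' + claim);
  return name;
}

// Constructed sample: a locally generated P-256 key stands in for the load balancer's key.
function sample() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const expected = {
    issuer: 'https://idp.example/constructed-tenant/v2.0',
    arn: 'arn:aws:elasticloadbalancing:eu-west-1:111122223333:loadbalancer/app/example/0123456789abcdef',
  };
  const header = b64u(JSON.stringify({ alg: 'ES256', signer: expected.arn, iss: expected.issuer, exp: 4102444800 }));
  const body = b64u(JSON.stringify({ sub: 'constructed-subject' }));
  const sig = crypto.sign('sha256', Buffer.from(header + '.' + body),
    { key: privateKey, dsaEncoding: 'ieee-p1363' });
  const accessToken = [b64u('{}'), b64u(JSON.stringify({ upn: 'alice@example.com' })), b64u('x')].join('.');
  return { token: [header, body, b64u(sig)].join('.'), publicKey, expected, accessToken };
}
```

A token signed by a different load balancer fails the signer comparison even when its signature is valid, which is why the ARN is part of the configuration and not only the key.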