Important Update Effective February 1, 2024!
Due to recent changes in Jira and Confluence, we've made the tough decision to discontinue the OpenID Connect (OIDC)/OAuth app and no longer provide new versions for the newest Jira/Confluence releases as of January 31, 2024.
This is due to some necessary components no longer shipping with Jira/Confluence, which would require some extensive rewrites of the OIDC App.
Important Update! This app will be discontinued soon!
Due to recent changes in Jira, which no longer ships with some components required for our Read Receipts app to run, we've made the tough decision to discontinue the app, as of Februar 5, 2025.
Important Update! This app will be discontinued soon!
We've made the tough business decision to discontinue the app, as of January 11, 2025.
6.0.x release notes
What's new
- Support for OpenID Connect (beta):
- Use OIDC as a standalone or combine OIDC and SAML configuration in multi identity provider setups.
- User Provisioning options:
- Use a Just-In-Time connector to create/update users based on OIDC claims,
- Or use a UserSync connector to create/update users, either on login or with periodical syncs.
- The separate SAMLWrapper plugin is no longer required and is removed automatically after upgrading.
Upgrade consideration
SAML Single Sign On 6.0.0 enforces the validity of the audience of a SAML response. If your IdP does not send a valid audience in SAML responses, logins will no longer work after upgrading to that version, unless the IdP's configuration is fixed. Please check this article in our knowledge base for further information.
- Since 6.0.0 is a major update, please make sure to have backups.
- The separate SAMLWrapper plugin is no longer required and is removed automatically after upgrading.
Data Center
This version is fully compatible with Jira, Confluence and Bitbucket Data Center.
Changelog
6.0.11
Released on 30 June 2022 for Jira, Confluence, Bitbucket and Bamboo (Server and Data Center).
- Removed inline JavaScript from hidden POST binding form to avoid issues with Content Security Policy and caching.
- Added progress logger for better debugging of login performance issues.
Changes specific to Jira
- None
Changes specific to Confluence
None
Changes specific to Bitbucket
None
Changes specific to Bamboo
- None
6.0.10
Released on 14 June 2022 for Jira, Confluence, Bitbucket and Bamboo (Server and Data Center).
- SAML Single Sign-On 6.0.10 comes with the User Sync 2.4.5 release, see 2.4.x release notes.
- Added option to make XML Schema validation optional for SAML responses.
- Added missing cache directive for POST binding form.
- Updated libraries.
Changes specific to Jira
- None
Changes specific to Confluence
None
Changes specific to Bitbucket
None
Changes specific to Bamboo
- None
6.0.8/6.0.9
Released on 19 May 2022 for Jira, Confluence, Bitbucket and Bamboo (Server and Data Center).
- SAML Single Sign-On 6.0.8/6.0.9 comes with the User Sync 2.4.4 release, see 2.4.x release notes.
- Fixed issue with Single Logout where the logout URL was not used when using redirect binding.
Changes specific to Jira
- None
Changes specific to Confluence
None
Changes specific to Bitbucket
None
Changes specific to Bamboo
- None
6.0.7
Released on 18 May 2022 for Jira, Confluence, Bitbucket and Bamboo (Server and Data Center).
- SAML Single Sign-On 6.0.7 comes with the User Sync 2.4.3 release, see 2.4.x release notes.
- Added whitelist to define additionally allowed issuers for assertions in the SAML response.
- Fixed auto-adding to default groups on first login for users from LDAP directories.
- Fixed: OIDC client secret was leaked into support information.
- Fixed: OIDC login for Azure guest users. If you encounter login problems for guest users, you must choose the new mapping preset in the SAML configuration.
- Fixed Single Logout issues with Azure AD and Keycloak.
- Fixed issue with IdP-initiated Single Logout via POST binding.
- Fixed validation of invalid certificates. This could lead to invalid saved configurations that cause failing logins.
- Fixed: the user interface is no longer broken when the logged-in user has no email address.
- We have updated internal and external dependencies. While we're not aware of any security risk, we've updated the following external dependencies to the latest versions:
- bouncycastle → 1.71
- jackson-annotations → 2.13.3
jackson-core → 2.13.3
jackson-databind → 2.13.3
- spring-context 4.1.7.RELEASE → 5.3.20 (although this is a provided dependency and not shipped with our product we want to make sure to use the latest release without known vulnerabilities)
Changes specific to Jira
- None
Changes specific to Confluence
None
Changes specific to Bitbucket
None
Changes specific to Bamboo
- None
6.0.6
Released on 13 April 2022 for Jira, Confluence, Bitbucket and Bamboo (Server and Data Center).
- Fixed: User Sync user interface not loading in SAML Single Sign-On 6.0.5.
Changes specific to Jira
- None
Changes specific to Confluence
None
Changes specific to Bitbucket
None
Changes specific to Bamboo
- None
6.0.5
Not published
- SAML Single Sign-On 6.0.5 comes with the User Sync 2.4.2 release, see 2.4.x release notes.
- Fixed possible XSS vulnerability on old browsers by injecting Javascript code in the redirectTo parameter.
- Fixed: exported support information could have contained sensitive information from the configured JVM arguments. The JVM arguments are no longer included in the support information.
- Fixed: enabling the option "Use Base URL from Request" caused wrong SAML request.
Changes specific to Jira
- None
Changes specific to Confluence
None
Changes specific to Bitbucket
Fixed slow logouts on Bitbucket Data Center setups.
Changes specific to Bamboo
- None
6.0.4
Released on 23 March 2022 for Jira, Confluence, Bitbucket and Bamboo (Server and Data Center).
Fixed: Use SHA-256 instead of SHA-1 as digest algorithm.
Fixed: NameIDPolicy was missing in AuthnRequest.
Fixed email preset in attribute mapping for Google Cloud Identity (G Suite).
Changes specific to Jira
- None
Changes specific to Confluence
None
Changes specific to Bitbucket
None
Changes specific to Bamboo
- None
6.0.3
Released on 25 February 2022 for Jira, Confluence and Bitbucket (Server and Data Center).
- SAML Single Sign-On 6.0.3 comes with the User Sync 2.4.1 release, which fixes an issue with the Azure full sync, see 2.4.x release notes.
Changes specific to Jira
- None
Changes specific to Confluence
None
Changes specific to Bitbucket
None
Changes specific to Bamboo
- None
6.0.2
Released on 21 February 2022 for Jira and Confluence (Server and Data Center).
- Fixed generating metadata for Service Provider (organizations section).
Changes specific to Jira
- Compatibility update for Jira 8.22.x.
Changes specific to Confluence
None
Changes specific to Bitbucket
None
Changes specific to Bamboo
- None
6.0.1
Released on 17 February 2022 for Confluence (Server and Data Center).
Fixed login issue when IdP sends multiple attributes with the same key.
- Added new preset "Use UPN and convert guest users" for the email attribute in the Azure connector.
6.0.0
Released on 16 February 2022 for Confluence (Server and Data Center).
- SAML Single Sign-On 6.0.0 comes with the User Sync 2.4.0 release, see 2.4.x release notes.
- Support for OpenID Connect (beta)
- Replaced OpenSAML with OneLogin SAML/Java
- Removed separate SAMLWrapper-plugin
- If Idp-selection by email is enabled and a selection-cookie is present, the page to enter the email address can be shown.
- Remove "prevent login form" option from the configuration-UI. Use Deny Password Authentication to prevent users from using a password.
- Fixed IdP-dropdown width when many IdPs are configured.
Fixed missing validation for invalid directory selection.
Fixed configuration frontend issue when the logged in user had no email address configured.
Metadata is no longer reloaded automatically when loaded from a file
Fixed misleading warning message "Not initialized" in the logs on plugin startup
Changes specific to Jira
- None
Changes specific to Confluence
None
Changes specific to Bitbucket
None
Changes specific to Bamboo
- Added support for Bamboo Data Center.