Important Update Effective February 1, 2024!
Due to recent changes in Jira and Confluence, we've made the tough decision to discontinue the OpenID Connect (OIDC)/OAuth app and no longer provide new versions for the newest Jira/Confluence releases as of January 31, 2024.
This is due to some necessary components no longer shipping with Jira/Confluence, which would require some extensive rewrites of the OIDC App.
Important Update! This app will be discontinued soon!
Due to recent changes in Jira, which no longer ships with some components required for our Read Receipts app to run, we've made the tough decision to discontinue the app, as of Februar 5, 2025.
Important Update! This app will be discontinued soon!
We've made the tough business decision to discontinue the app, as of January 11, 2025.
Migrating/Cloning an Atlassian Server product with the SAML SSO add-on
If a Jira/Confluence/Bitbucket/Bamboo migration/clone to a new server with a changed Host/Base URL (e.g. Dev/Prod/Staging instance) has been done/created, please take care of the following points regarding the SAML SSO add-on within the new instance:
- Because the Base URL has changed, you need to ensure that the SAML SSO Entity ID (under SAML SingleSignOn Plugin Configuration -> Service Provider -> Service provider settings) has the correct Base URL information of your new instance (https://<New-BaseURL>/plugins/servlet/samlsso).
- If you either use the Signed Authentication Request or the Encryption funtionality, a new certificate is required, because the certificate includes the old BaseURL information. To create a new one, go to the SAML SingleSignOn Plugin Configuration -> Service Provider -> Signing and encryption -> click on the button Generate new Private Key and Certificate. Save the configurations.
The above changes must be communicated to the Identity Provider. The recommended way is to update your Identity Provider via SAML SSO metadata (https://<New-BaseURL>/plugins/servlet/samlsso/medata). When your Identity Provider doesn't support metadata imports, you need to update following information manually:
- Identifier/Entity ID = https://<New-BaseURL>/plugins/servlet/samlsso
- Assertion Consumer Service URL (ACS) (also called Sign On URL) = https://<New-BaseURL>/plugins/servlet/samlsso
- Signing and Enryption Certificate = SAML SingleSignOn Plugin Configuration -> Service Provider -> Signing and encryption
For AD FS via metadata
- Open the AD FS application on your AD FS server.
- Open your Relying Party Trusts.
- Open the Properties for the specific Relying Party Trust → Monitoring
- Update the Relying party's federation metadata URL (https://<New-BaseURL>/plugins/servlet/samlsso/medata)
- Click on Apply/OK to save the settings.
- Right click on the Relying Party Trust -> Update from Federation Metadata. (If this fails, please check if have you defined the correct metadata URL one step above.
- Check if the Identifiers, Encryption and Signing sections have included the correct information.
- Click on Update.