Important Update Effective February 1, 2024!
Due to recent changes in Jira and Confluence, we've made the tough decision to discontinue the OpenID Connect (OIDC)/OAuth app and no longer provide new versions for the newest Jira/Confluence releases as of January 31, 2024.
This is due to some necessary components no longer shipping with Jira/Confluence, which would require some extensive rewrites of the OIDC App.
Important Update! This app will be discontinued soon!
Due to recent changes in Jira, which no longer ships with some components required for our Read Receipts app to run, we've made the tough decision to discontinue the app, as of Februar 5, 2025.
Important Update! This app will be discontinued soon!
We've made the tough business decision to discontinue the app, as of January 11, 2025.
Single Sign On Redirection process
This page describes the redirecting process of the SAML Single Sign On for Data Center plugin on a Confluence example page.
To follow and reproduce this points, please activate the redirection for your plugin and enable detailed logging for the plugin : Troubleshooting
1 ) Forced redirection to the SAML Single Sign On Servlet
A not authenticated user accesses a Confluence Data Center internal page : https://confluence5911.lab.resolution.de/display/TEST/TESTPAGE
The user will be catched from the plugin and redirected to the SAML Single Sign On Servlet. The original destination page is attached as redirectTo Parameter to the URL :
https://confluence5911.lab.resolution.de/plugins/servlet/samlsso?redirectTo=%2Fpages%2Fviewpage.action%3FspaceKey%3DTEST%26title%3DTESTPAGE
Debug Log:
DEBUG [http-nio-8443-exec-16] [atlasplugins.samlsso.servlet.RedirectToSsoFilter] doFilter Redirecting to https://confluence5911.lab.resolution.de/plugins/servlet/samlsso?redirectTo=%2Fpages%2Fviewpage.action%3FspaceKey%3DTEST%26title%3DTESTPAGE
DEBUG [http-nio-8443-exec-1] [atlasplugins.samlsso.servlet.SamlSsoServlet] processRequestFromClient Original url is /pages/viewpage.action?spaceKey=TEST&title=TESTPAGE
2 ) Redirection to the Identity Provider
The SAML SSO for Atlassian Data Center plugin creates the SAML Request and redirects the user to the Identity Provider.
The destination URL consists of the IdP POST Binding URL + SAMLRequest + RelayState :
http://adfs01.lab.resolution.de:8080?SAMLRequest=pZHBbsIwEER%2FJfKdxAmlohYJQkWVkOgFaA%2B9GduQNPZu6rVRP78GKRKHHir1uPLO7MzzYvntbHYxnjqEmpU5Z5kBhbqDc83eDi%2BTOVs2C5LODmIVQws78xUNhSzpgMTtoWbRg0BJHQmQzpAISuxXr1tR5VwMHgMqtCxbERkf0qFnBIrO%2BL3xl06Zt922Zm0IA4miUAgnG1MGM3sqy9zKY%2B4NoY1XYa5NMdh47oCK5HWxJhTXCETIsnWK1YEMtyZXu%2BQm9Yn4Ly5izuep6mZdM6lVj61yqBGt1W372QOeUVndqwHS0Dp3bG2ftomi2QAFCaFmFS8fJ2U5mfJDORUVFzOe84fqg2XvI85Un43wbmL%2Fd2xyhMWa%2F6JZFPcRmnG8%2F87mBw%3D%3D&RelayState=%2Fpages%2Fviewpage.action%3FspaceKey%3DTEST%26title%3DTESTPAGE
Debug Log:
DEBUG [http-nio-8443-exec-1] [atlasplugins.samlsso.servlet.SamlSsoServlet] processRequestFromClient Redirecting to: http://adfs01.lab.resolution.de:8080?SAMLRequest=pZHBbsIwEER%2FJfKdxAmlohYJQkWVkOgFaA%2B9GduQNPZu6rVRP78GKRKHHir1uPLO7MzzYvntbHYxnjqEmpU5Z5kBhbqDc83eDi%2BTOVs2C5LODmIVQws78xUNhSzpgMTtoWbRg0BJHQmQzpAISuxXr1tR5VwMHgMqtCxbERkf0qFnBIrO%2BL3xl06Zt922Zm0IA4miUAgnG1MGM3sqy9zKY%2B4NoY1XYa5NMdh47oCK5HWxJhTXCETIsnWK1YEMtyZXu%2BQm9Yn4Ly5izuep6mZdM6lVj61yqBGt1W372QOeUVndqwHS0Dp3bG2ftomi2QAFCaFmFS8fJ2U5mfJDORUVFzOe84fqg2XvI85Un43wbmL%2Fd2xyhMWa%2F6JZFPcRmnG8%2F87mBw%3D%3D&RelayState=%2Fpages%2Fviewpage.action%3FspaceKey%3DTEST%26title%3DTESTPAGE
3 ) Redirection back to the SAML Single Sign On Servlet
The Identity Provider redirects the users back to the SAML Single Sign On Servlet:
https://confluence5911.lab.resolution.de/plugins/servlet/samlsso
The SAMLResponse from the Identity Provider contains the RelayState Parameter, which you can check in the Debug Log:
DEBUG [http-nio-8443-exec-6] [atlasplugins.samlsso.servlet.SamlSsoServlet] processRequestFromIdP RelayState parameter is /pages/viewpage.action?spaceKey=TEST&title=TESTPAGE
4 ) Redirection to the original destination page
After the user authentication in Confluence, the plugin is now using the RelayState, to redirect the user correctly to the original destination page:
https://confluence5911.lab.resolution.de/pages/viewpage.action?spaceKey=TEST&title=TESTPAGE
Debug Log:
DEBUG [http-nio-8443-exec-6] [atlasplugins.samlsso.servlet.SamlSsoServlet] processRequestFromIdP Redirecting to https://confluence5911.lab.resolution.de/pages/viewpage.action?spaceKey=TEST&title=TESTPAGE