Using the Atlassian product's REST API with SAML SSO enabled
Enabling SSO redirection only applies to logins using a web browser (see How SAML Single Sign On works).
This won't work when only using the REST API since the login page is never visited.
So it is not possible to log in with your SSO credentials (your username/password on the Identity Provider) on the REST API via Basic or Bearer Authentication.
However, there are alternative options to authenticate against the REST API when using our SAML SSO app.
Option 1: Use API Token Authentication for Jira, Confluence and Bitbucket (Server & Data Center)
For Jira, Confluence and Bitbucket Server and Data Center, we provide an app called API Token Authentication:
https://marketplace.atlassian.com/apps/1221586/api-token-authentication-for-Jira
https://marketplace.atlassian.com/apps/1221608/api-token-authentication-for-confluence
https://marketplace.atlassian.com/apps/1224117/api-token-authentication-for-bitbucket
It allows you to create multiple, secure API tokens per user. A token can be used in place of the user's password, which is no longer available in an SSO-enabled Atlassian application.
Please find more details in the documentation linked below:
API Token Authentication Documentation
Admin Guide
REST API
User Guide
Looking for API Token Authentication for Bamboo?
API Tokens can be created with built-in functionality for these; please follow the links below.
https://confluence.atlassian.com/bitbucketserver/personal-access-tokens-939515499.html
Option 2: Use OAuth
As documented in https://developer.atlassian.com/jiradev/jira-apis/about-the-jira-rest-apis#AbouttheJIRARESTAPIs-Authenticationandauthorization, you should be able to use OAuth for your REST API scripts.
This can be useful for allowing regular users to use the REST API, but it requires more setup work from both the admin and the user before the script is run for the first time.
Atlassian has a very comprehensive tutorial here: https://developer.atlassian.com/jiradev/jira-platform/jira-architecture/security-overview/oauth
Option 3: Use HTTP Basic Authentication with local Passwords
Our SAML SSO app does not prevent admins from setting passwords in the Atlassian user management of Jira, Confluence etc. or creating local user accounts for specific purposes. That means that using REST calls with HTTP Basic authentication and their username and password would still work. This option has the downside of basically circumventing SAML SSO at this level, but if you only need credentials for a script to run, then this might be okay for you. Atlassian puts it like this:
Considering basic authentication with local passwords? We recommend that you don't use that method at all, except for tools like personal scripts or bots.
It may be easier to implement, but it is much less secure. The username and password are sent repeatedly with requests and cached on the web browser.
Even if the credentials are sent via SSL/TLS, these protocols can still be compromised.
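A sketch of a script-side client for Option 1 or Option 3, added here as an example and not code from the app vendor or Atlassian: it sends an API token (or local password) as the HTTP Basic secret, refuses non-HTTPS base URLs because the credential travels with every request, and does not re-send the credential if the server answers with a redirect. The environment variable names and the `jira.example.com` host are assumptions.

```python
import base64
import os
import urllib.request
from urllib.parse import urlsplit


def build_request(base_url, path, username, secret):
    """Return a urllib Request carrying HTTP Basic credentials.

    `secret` is an API token (Option 1) or a local password (Option 3).
    """
    parts = urlsplit(base_url)
    # Basic auth sends the credential on every request, so refuse cleartext HTTP.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("base URL must be an https:// URL")
    if not username or not secret:
        raise ValueError("username and secret are required")
    if ":" in username:
        raise ValueError("username must not contain ':'")  # Basic auth user-id rule
    raw = f"{username}:{secret}".encode("utf-8")
    req = urllib.request.Request(base_url.rstrip("/") + "/" + path.lstrip("/"))
    # Unredirected header: urllib will not copy it onto a redirected request,
    # so the token is not forwarded to whatever host a redirect points at.
    req.add_unredirected_header(
        "Authorization", "Basic " + base64.b64encode(raw).decode("ascii"))
    req.add_header("Accept", "application/json")
    return req


def request_from_env(path, env=os.environ):
    # Assumed variable names; keeps the token out of the script and shell history.
    return build_request(env["ATLASSIAN_URL"], path,
                         env["ATLASSIAN_USER"], env["ATLASSIAN_TOKEN"])


if __name__ == "__main__":
    import json
    # /rest/api/2/myself is Jira's "current user" resource.
    req = request_from_env("/rest/api/2/myself")
    with urllib.request.urlopen(req, timeout=10) as resp:
        print(json.load(resp).get("name"))
```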