2.0.x release notes
What's new
Significantly Reworked Configuration Interface, Configuration Wizard and easier Troubleshooting.
Upgrade consideration
We have made very significant frontend changes in this version, which you will surely appreciate once you get to use it. We have also done an unprecedented amount of testing and QA. Nevertheless, please don't take this upgrade lightly, and take appropriate testing steps in your environment.
Data Center
If you're using a Data Center product, please also consider this note on upgrading your installation.
Changelog
2.0.15
Released on 12 January 2023 for Jira and Confluence
Fixed a medium-level security vulnerability potentially allowing replay attacks; see https://wiki.resolution.de/doc/saml-sso/latest/jira/security-advisories/2023-01-12-response-can-be-replayed-with-modified-id-when-only-the-assertion-is-signed.
2.0.13
Released on 3 August 2021 for Jira and Confluence
Fixes a critical security vulnerability.
Please update to this version or one of the other fix versions (5.0.5, 4.0.12, 3.6.6, 2.5.9) as soon as possible. Existing customers should have received or will soon receive a mailing with some details. They will be published in a few days.
2.0.12
Released on 24 April 2018 for Confluence
- Fixed scheduler for cleaning up authentication trackers for Confluence 5.10+.
2.0.11
Released on 16 March 2018 for Jira, Confluence, Bitbucket and Bamboo
- Added support for delegated directories in Crowd, this requires an additional Crowd add-on, see our knowledge base article.
- Added option to disable the remote directory lookup feature introduced in 2.0.5.
- Fixed a bug that could cause performance issues in large instances during the periodical cleanup of response IDs.
- The cookie ‘selectedidp’, saving which IdP the user selected last time, is now marked as secure over HTTPS connections. Best-practice improvement.
2.0.10
Released on 26 February 2018 for Jira and Confluence
- Fixed a bug that could prevent the add-on from starting up due to an invalid configuration if you update from add-on version 0.13.x or older.
2.0.9
Released on 12 February 2018 for Jira, Confluence, Bitbucket and Bamboo
- Fixed a bug that could cause performance issues in large instances during the periodical cleanup of authentication trackers.
2.0.8
- Fixed a bug that could trigger a logout redirection while executing REST requests.
Changes specific to JIRA and Confluence
- Fixed RememberMe cookie.
- Fixed bug in group assignment for newly created users.
Changes specific to Bitbucket and Bamboo
- RememberMe cookie is now also available for Bitbucket and Bamboo.
2.0.7
Released on 8 Jan 2018 for Jira, Confluence, Bitbucket and Bamboo
- Re-enabled compatibility for JIRA 7.0.4, Confluence 5.9.1, Bitbucket 4.0.1 (see https://wiki.resolution.de/go/ssso/updateRemoteDirectory)
- Fixed potential XSS vulnerability with pass-through parameter names
2.0.6
Released on 21 December 2017 for Jira
- Fixed redirection to a specific dashboard after login.
2.0.5
Released on 7 December 2017 for Jira, Confluence, Bitbucket and Bamboo
- Improved security: Assertion IDs are now persistently stored for a defined amount of time.
- Improved export of SupportInformation for a better troubleshooting experience.
- Fixed compatibility issues with Oracle and Microsoft SQL Server.
- Fixed a performance issue on the admin page with a large number of groups in the system.
- Fixed several issues with connected LDAP and Crowd directories.
- SSO now works with new users from delegated authentication directories.
Changes specific to Bitbucket
- Fixed disabling of logout redirection for non-SSO users.
- Fixed rendering error in Error Page Template.
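
The stored assertion IDs from the 2.0.5 entry above and the replay issue fixed in 2.0.15 (a response replayed with a modified ID when only the assertion is signed) can be illustrated as follows. This is an added example, not the app's own code: the class and function names, the retention value and the sample message are assumptions, and signature verification is assumed to have run before these functions are called.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
RETENTION_SECONDS = 3600  # assumed value; must cover the assertion validity period

# Constructed sample: a Response whose Assertion is signed but whose envelope is not.
SAMPLE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="{rid}">'
    '<saml:Assertion ID="_assertion-1"/></samlp:Response>'
)

class ReplayCache:
    """In-memory stand-in (assumption) for a persistent store of consumed IDs."""
    def __init__(self):
        self._seen = {}  # id -> expiry time in epoch seconds

    def consume(self, ids, now):
        # Cleanup step: forget IDs whose retention window has passed.
        self._seen = {k: exp for k, exp in self._seen.items() if exp > now}
        if any(i in self._seen for i in ids):
            return False  # at least one ID was seen before: replay
        for i in ids:
            self._seen[i] = now + RETENTION_SECONDS
        return True

def response_id_only(xml_text):
    """Weak key: the Response ID, which no signature covers in this sample."""
    return ["response:" + ET.fromstring(xml_text).attrib["ID"]]

def signed_ids(xml_text, response_signed, assertion_signed):
    """Hardened key: only IDs of elements whose signature was verified."""
    root = ET.fromstring(xml_text)
    ids = []
    if response_signed:
        ids.append("response:" + root.attrib["ID"])
    if assertion_signed:
        ids += ["assertion:" + a.attrib["ID"] for a in root.findall("saml:Assertion", NS)]
    if not ids:
        raise ValueError("no signed element to derive a replay key from")
    return ids

def demo(key_fn):
    """Submit the sample twice, the second time with a different Response ID."""
    cache = ReplayCache()
    first = cache.consume(key_fn(SAMPLE.format(rid="_resp-1")), now=1000)
    second = cache.consume(key_fn(SAMPLE.format(rid="_resp-2")), now=1060)
    return first, second
```

Keyed on the Response ID alone, the second submission is accepted; keyed on the signed assertion's ID, it is rejected as a replay.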
2.0.4
Released on 7 November 2017 for Bitbucket and Bamboo
- First release of SAML Single Sign On 2.0 for Bitbucket and Bamboo containing all features from 2.0.0 to 2.0.3.
2.0.3
Released on 11 October 2017 for JIRA and Confluence
- Fixed potential XSS vulnerability with pass-through parameters
- Metadata creation now works directly after install
- Authentication Trackers now contain source IP address and request headers
- Easier access to SAML Service Provider details
- Improved configuration wizard, now containing Okta and OneLogin
- Fixed minor frontend issues
- Improved error messages if users are not synced from remote directory yet
2.0.2
Released on 25 September 2017 for JIRA and Confluence
- Fixed handling of URLs containing hyphens. This could also lead to non-working hyperlinks from external applications.
- IdP Selection by Request Header: Fixed matching of empty request header values. Clarified configuration in help text.
- Several small bugfixes in the user interface.
2.0.1
Released on 21 September 2017 for JIRA and Confluence
- Tracker-parameter is no longer passed through to the IdP
- Fixed "bundle has been uninstalled" exceptions appearing intermittently in the log after disabling and re-enabling the plugin
- Fixed tracker getting lost if no relay state comes from the IdP
- Fixed migrating empty useridTransformationRegex when updating from older version
2.0.0
Released on 8 September 2017 for JIRA and Confluence
- Reworked User Interface:
  - IdP setup Wizard
  - Tabbed interface
  - Easier Troubleshooting with Authentication Process Tracking and downloadable Support Information
- IdP-signature was not recognized when using REDIRECT-binding
- Arbitrary number of certificates can be configured per IdP
- Organization and Contacts in SAML Metadata
- REST-endpoint for enabling/disabling redirection to IdP
- Enhanced IdP selection:
  - Specify email domains using regular expressions
  - Specify authentication header values using regular expressions
  - Allow login page instead of SAML for specific email domains or request headers
- Entity ID is now editable
- Custom Logged Out URL only for SSO Users
- IdP-Id is now immutable, default IdP is specified by a new parameter weight
Changes specific to JIRA
- Set earliest supported version to JIRA 7.0.4
Changes specific to Confluence
- Set earliest supported version to Confluence 5.9.1