General

If you cloned or migrated a Jira, Confluence, Bitbucket or Bamboo instance to a new server and the host/base URL changed (e.g. Dev/Prod/Staging instance), please take care of the following on the new instance:

  • Because the base URL has changed, you need to ensure that the SAML SSO Entity ID (SAML Single Sign On Configuration -> Service Provider -> Service provider settings) contains the new one (https://<New-BaseURL>/plugins/servlet/samlsso).
    Using the reset button beside it does that automatically for you.
  • If you use either the Signed Authentication Request or the Encryption functionality, a new certificate is required, because the certificate includes the old base URL information.
    To create a new one, go to the SAML SingleSignOn Plugin Configuration -> Service Provider -> Signing and encryption -> click on the button Generate new Private Key and Certificate.
  • Save the configuration.

If you are using the cloned instance as a separate one, i.e. a dev or staging environment, and you don't have a dedicated identity provider configuration for it yet, create a new one.

If you actually moved the instance to a new server and changed the base URL in the process, you need to adjust the existing identity provider configuration accordingly:

The easiest way is to update your identity provider from the SAML SSO metadata provided at the https://<New-BaseURL>/plugins/servlet/samlsso/metadata URL.
You can either use the URL directly or, if your IdP doesn't have direct access to the new Atlassian instance, download the metadata first.
If your identity provider doesn't support metadata imports, you need to update the following information manually:

  • Identifier/Entity ID = https://<New-BaseURL>/plugins/servlet/samlsso
  • Assertion Consumer Service URL (ACS) (also called Sign On URL) = https://<New-BaseURL>/plugins/servlet/samlsso
  • Certificate: use the one that is shown in our app configuration under Service Provider -> Signing and encryption -> Service Provider Certificate
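
Before updating the IdP, it helps to confirm that the downloaded metadata really carries the new values. The following is an added example, not code from the app or its vendor: it checks the Entity ID and ACS URL against the new base URL and prints-ready SHA-256 fingerprints of the certificates so they can be compared with what the IdP has stored. The function names, the example hostnames and the sample metadata are constructed, and it assumes the metadata root element is an EntityDescriptor.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SSO_PATH = "/plugins/servlet/samlsso"  # Entity ID / ACS path given on this page

def sample_metadata(base_url):
    """Constructed SP metadata; the certificate body is placeholder bytes, not a real cert."""
    cert = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
    return f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
        entityID="{base_url}{SSO_PATH}">
      <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
          <ds:X509Certificate>{cert}</ds:X509Certificate>
        </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
        <md:AssertionConsumerService index="0" Location="{base_url}{SSO_PATH}"
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
      </md:SPSSODescriptor>
    </md:EntityDescriptor>"""

def _parse(xml_text):
    # SAML metadata never needs a DTD; refuse one rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration in metadata")
    return ET.fromstring(xml_text)

def check_sp_metadata(xml_text, new_base_url):
    """Return a list of mismatches between the metadata and the new base URL."""
    root = _parse(xml_text)  # assumption: root element is md:EntityDescriptor
    expected = new_base_url.rstrip("/") + SSO_PATH
    problems = []
    if root.get("entityID") != expected:
        problems.append(f"entityID {root.get('entityID')!r} != {expected!r}")
    acs = [e.get("Location") for e in root.iterfind(".//md:AssertionConsumerService", NS)]
    if not acs:
        problems.append("no AssertionConsumerService element found")
    problems += [f"ACS {loc!r} != {expected!r}" for loc in acs if loc != expected]
    return problems

def cert_fingerprints(xml_text):
    """SHA-256 of each KeyDescriptor certificate, grouped by its 'use' attribute."""
    out = {}
    for kd in _parse(xml_text).iterfind(".//md:KeyDescriptor", NS):
        cert = kd.find(".//ds:X509Certificate", NS)
        if cert is not None and cert.text:
            der = base64.b64decode("".join(cert.text.split()))
            out.setdefault(kd.get("use", "unspecified"), []).append(hashlib.sha256(der).hexdigest())
    return out
```

An empty list from `check_sp_metadata` means the Entity ID and every ACS location match the new base URL; a fingerprint that differs from the one the IdP holds means the IdP still trusts the old certificate.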


Update Microsoft AD FS Identity Provider Configuration

  1. Open the AD FS application on your AD FS server.
  2. Open your Relying Party Trusts.
  3. Open the Properties for the specific Relying Party Trust -> Monitoring.
  4. Update the Relying party's federation metadata URL (https://<New-BaseURL>/plugins/servlet/samlsso/metadata).
  5. Click on Apply/OK to save the settings.
  6. Right-click on the Relying Party Trust -> Update from Federation Metadata. (If this fails, please check whether you have defined the correct metadata URL one step above.)
  7. Check that the Identifiers, Encryption and Signing sections contain the correct information.
  8. Click on Update.