Important Update Effective February 1, 2024!
Due to recent changes in Jira and Confluence, we've made the tough decision to discontinue the OpenID Connect (OIDC)/OAuth app and no longer provide new versions for the newest Jira/Confluence releases as of January 31, 2024.
This is due to some necessary components no longer shipping with Jira/Confluence, which would require some extensive rewrites of the OIDC App.
6.3.x release notes
What's new
- Allow OAuth2 authentication with Atlassian, LinkedIn, GitHub, Twitter or Facebook
- Specific SP metadata can be provided per IdP
- User Sync now allows synchronizing profile pictures from Azure or G Suite in Jira and Confluence
- Fix a medium level security vulnerability potentially allowing replay attacks, see https://wiki.resolution.de/doc/saml-sso/latest/jira/security-advisories/2023-01-12-response-can-be-replayed-with-modified-id-when-only-the-assertion-is-signed.
Upgrade consideration
No special considerations apply to this update.
Data Center
This version is fully compatible with Jira, Confluence, Bitbucket, and Bamboo Data Center.
Changelog
6.3.0
Released on 12 Janurary 2023 for Jira, Confluence, Bitbucket, and Bamboo (Server and Data Center).
- SAML Single Sign-On 6.3.0 comes with the User Sync 2.7.0 release, see 2.7.x release notes.
- New Feature: OAuth2 support/social logins.
- New Feature: IdP specific metadata.
- Improvement: OIDC is no longer in beta state.
Improvement: Allow adding another SPSSODescriptor to the service provider metadata.
Improvement: Make destination and audience check configurable.
Improvement: Allow disabling checks for recipient and destination in SAML response.
- Improvement: Show IdP ID in frontend.
Improvement: Removed no longer necessary workarounds for POST binding with Content Security Policies.
- Improvement: Allow users to select whether the selected IdP should be stored (requires modifying the IdP selection page) in a cookie.
Improvement: Allow patching the configuration (to be used with the resolution technical support).
- Improvement: Rename SP information button and add metadata per IdP information.
- Improvement: "Enable additional authentication" and Same-Site-Cookie are enabled by default.
- Improvement: Added checkbox in the plugin configuration page to enable/disable "WantAssertionsSigned=true" in the SP metadata.
- Bugfix: Enforce uniqueness of SAML response not only for response IDs but also for assertion IDs.
- Bugfix: Broken tracker table after downgrade due to unkown IdP type.
- Bugfix: NoSuchMethodError during login with JIT connector.
- Bugfix: 'Other' preset is not valid because of no attribute to find user.
- Bugfix: Fixed import metadata from XML file.
- Bugfix: Fixed custom logged out URL and logout redirection for OIDC.
- Bugfix: Wizard: Can choose oauth when you shouldn't be able to
- Bugfix: Read destination URL from the RelayState parameter (for IdP initiated SSO).
Changes specific to Jira
- Improvement: Allow IdP selection page for Customer Portal.
- Improvement: Fire BeforeUserAuthenticate event before every login attempt.
Changes specific to Confluence
None
Changes specific to Bitbucket
- None
Changes specific to Bamboo
- None