SAML Single Sign-OnSAML Single Sign-On
Try For Free

OpenAM with Manual Provisioning


Goal

After completing this setup guide, you will have setup OpenAM and your Atlassian product for the SAML SSO app. Additionally, you will test SSO and enable the SSO redirection.



Prerequisites

To use the SAML SSO app with Azure AD, you need the following:

  • An OpenAM instance

  • A (trial) subscription for the SAML SSO app

  • Admin access to your Atlassian product

  • Users are already available in Jira and OpenAM

Video Guide

Here you will find a detailed video guide soon.



 

Step-by-Step Setup Guide

Configure OpenAM for the SAML SSO App

Create Hosted Identity Provider


Login into your OpenAM instance and choose the realm you want to use.

1.png


Click on "Configure SAMLv2 Provider".

2.png


Click on "Create Hosted Identity Provider".

3.png


Provide a Name for the Identity Provider and choose a Singing Key. Furthermore, choose an existing Circle of Trust or create a new one by providing a name.
Click "Configure" to continue.

4.png


In the next window, click "SWITCH TO XUI".


5.png









Configure Remote Service Provider


Click "Configure Remote Service Provider".

6.png


Provide the metadata URL of your Atlassian product: https://<baseURL>/plugins/servlet/samlsso/metadata and substitute <baseURL> with the base URL of your instance. Click "Configure" to continue.

7.png


Click "OK" to continue.

8.png


Tweaking of the Hosted Identity Provider Configuration

Next, expand "Applications" in the left panel and click "SAML 2.0".

9.png




In the "Entity Providers" box, click on the hosted identity provider you created before.

10.png




Scroll down to "NameID Format". In the "NameID Value Map", click on "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified=" and press "Remove".

11.png


Next, add urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified=uid as a "New Value" by pressing "Add".

12.png



Scroll to the top of the page and click "Save". 

13.png

Configure Your Atlassian product for the SAML SSO App

Install the SAML SSO App


In your Atlassian product, open the in-product marketplace as described in the Atlassian documentation.
Search for "resolution saml" and click "Install" for SAML Single Sign On (SSO) by resolution Reichert Network Solutions GmbH


After the installation is complete, click on Manage, then choose Configure

Now, you are on the Add-on / app configuration page and the first step of the setup wizard will appear.

install_saml_sso
install_saml_sso








Configure the SAML SSO App

After you clicked "Configure", the Wizard will be triggered. If not, or if you want to add another Identity Provider (IdP) to your existing configuration, click on "Add new IdP +". This guide assumes, that you there is no IdP configured.


The Wizard greets you with information, click on "Add New IdP" to proceed.

CleanShot 2021-05-20 at 16.42.11.png


For the IdP Type, choose "OpenAM". You can also choose a name. Click on "Next" to continue.


1.png


Here, click on "Next" again. You might recognise the provided URL since you added them in OpenAM before.


2.png




Now, provide the Metadata URL. It will look like this [ServerBaseURL]/saml2/jsp/exportmetadata.jsp?entityid=[IdPentityID]&realm=/[RealmName]

where

[ServerBaseURL] is the full AM/OpenAM server URL, for example, http://host1.example.com:8080/openam
[IdPentityID] is the name of your IdP entity provider. This may be a name or FQDN such as: http://idp.example.net:8080/openam.
[RealmName] is the name of the realm in which the IdP entity provider is configured. If the IdP entity is configured in the top level realm (/), you can exclude the &realm parameter.

Click Import to proceed.

You can also configure the plugin without the metadata XML URL. Please choose another option from the dropdown menu and proceed as the wizard guides you.

3.png



Click Next to continue.

4.png


If you configured your Atlassian product and your Identity Provider in a common way, you do not need to change anything here. In that case, just click "Next".


userid
userid




Click on "Save & Next".


CleanShot 2021-06-01 at 13.31.47.png
 

Now it is time to test your configuration.





Testing SSO


The wizard also allows to test the Single Sign On. Just follow the steps to test if the login works as expected. 


Click on "Start test" to proceed.

start_test
start_test

Copy the orange marked link and open a new incognito/private tab or a different web browser. Then, paste the link and navigate to it. 

test_your_settings
test_your_settings


You will be now redirected to OpenAM's login page. Please log-in with you username and password. 

Screenshot 2019-04-30 at 12.20.11.png


If everything worked fine, you will log in into your Atlassian product. In the other tab/browser in which you were configuring the SAML SSO plugin, you can see also the "SUCCESS" status, if everything worked as expected. Click Next to proceed.

test_sso
test_sso





SSO Redirection


As a last step, you can set the Enable SSO Redirect option. If set, all users will be redirected to Single Sign On, thus they will be logged in via the IdP. Click on Save & Close to finish the configuration.


enable_redirection
enable_redirection


This site uses cookies to deliver its service & to analyse traffic. By browsing this site, you accept the privacy policy.

Our Wiki uses cookies

We want to give you the best possible experience on our website. For this we use technically required cookies and, if you agree, cookies for analysis and marketing purposes. You can find more information about the cookies in our Privacy Policy. By tapping ‘Accept All,’ you consent to the use of these methods by us and third parties.

Necessary
Always Active
Analytics
Advertisement
Other