The SAML SSO Toolbox includes additional features for the SAML SSO add-ons (JIRA, Confluence, Bitbucket, Bamboo and Fisheye/Crucible) and can be used for free. It replaces the old Clearssoconfig plugin, which can remove the SAML Single Sign On configurations from the database. As new feature, your users local passwords can be cleared now. 


Use this tool only in cooperation with our customer support.

Installation

Download samlssotoolbox-1.12.0.jar and upload it using the Plugin Manager:

Usage

Open the installed Plugin in the Plugin Manager and select Configure or open the URL "https://<application-baseurl>/plugins/servlet/samlsso/toolbox" directly. 

On the main page you can select between the included tools:

Manipulating users

The SAML SSO User List shows all your users from your internal directories (sorted alphabetically) and indicates which users are created by the SAML SSO add-on. Furthermore under Actions it is possible to:

  • Clear Password of your users (not possible for administrators), which sets the user password to an special value, resulting in the user not being able to log in with password. This ensures that your users can only use the Single Sign On for authentication. Administrators can easily reset the “cleared” user password in the application user configurations.
  • Convert a non-SAML user to a SAML user, and vice versa. This adds or removes the same flag that is added when a user is created via the Just In Time user provisioning.


It's also password to set users passwords via the REST API of the SAML SSO Toolbox:

After installing it, for setting users' passwords, please use the following REST command:

curl -X "PUT" "https://<base_url>/rest/samlsso-toolbox/1.0/users/<username>?directoryId=<directoryId>" \ -H 'Content-Type: application/json; charset=utf-8' \ -u '<sysadmin>:<password>' \ -d $'{ "ATTR_PASSWORD": "<new_password>" }'
CODE


You would need to substitute the following in the above command:

  • <base_url>: with your Confluence base URL

  • <username>: with the username of the user for whom you'd like to set a password

  • <directoryId>: with the directory ID of the UserSync Azure directory ID, which you can when you go to the User Directories page, click on the "Directory Configuration Summary" link at the bottom of the page, look up for the Azure directory and retrieve its Directory ID

  • <sysadmin>: with your admin username

  • <password>: with your admin password

  • <new_password>: with the new password that you want to set for the user

SAML SSO Configurations Export and Cleanup

Please make sure to disable and reenabled the SAML Single Sign On app using the Plugin Manager after manipulating the saved configurations.

This feature shows all installed SAML SSO configurations as version in a list. If a version is available, the configurations can be downloaded (Download XML) or removed (Delete).


Reimport downloaded configurations

Currently it's not directly possible to import a configuration that was downloaded with the help of the SAML SSO Toolbox into the main SAML Single Sign On app. If you want to do that you need to slightly modify the downloaded configuration to make the import possible. Use this template and replace the content from the download file at the marked position:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<supportInfo>
    // enter the downloaded content here (<configurationData>...</configurationData>)
    <ssoPluginInfo/>
</supportInfo>


CODE