This topic describes how to use the SAML protocol to implement single sign-on for JIRA or Confluence in the IDaaS console. We demonstrate single sign-on for the Alibaba Cloud console here.
Employees of an enterprise need to access JIRA or Confluence in their daily work. They must enter the logon URLs of applications, account names, and passwords upon each logon. If multiple similar applications are involved, they must record multiple pairs of usernames and passwords and repeated logons are time-consuming.
IDaaS can implement single sign-on for JIRA or Confluence. Employees can access all authorized applications through single sign-on.
- Log on to the IDaaS console as an IT administrator. For more information, see Logon in Administrator Guide.
- In the left-side navigation pane, choose Applications > Add Applications. Find the SAML application and click Add Application in the Actions column.
- Click Add SigningKey. Configure the parameters and click Submit.
- Export the SigningKey file.
Find the new SigningKey in the SigningKey list and click Export in the Actions column. Open the exported file in a text editor. Obtain the -- BEGIN CERTIFICATE-- --END CERTIFICATE -- information.
- Configure miniOrange Single Sign On for Confluence.
Configure SP Base URL.
Set SP Base URL and SP Entity ID to your Confluence information. Use the default values for other parameters.
Configure the IDP parameters on the second tab.
- IDP Name: Specify a name as needed.
- IDP Entity ID/Issuer: Enter the portal URL of the IDaaS user account.
- Send Signed Requests: Select this field.
- SSO Binding Type: Select the first option.
- Single Sign On URL: Enter the portal URL of the IDaaS user account.
- NameID Format: Select SAML:2.0 nameid-format persistent. The value must be consistent with that on IDaaS.
- IDP Signing Certificate: Enter the SigningKey information obtained in the preceding operation.
- Configure SAML settings on IDaaS.
- SP Entity ID: Enter SP Base URL for your Confluence information. The value must be consistent with that in Confluence.
- IDaaS IdentityId: the portal URL of the IDaaS user account. The value must be consistent with that of IDP Entity ID/Issuer specified in the preceding operation.
- NameIdFormat: Select SAML:2.0 nameid-format persistent. The value must be consistent with that in Confluence.
- SP ACS URL (SSO Location): Obtain the SP ACS URL information from SP Base URL.
- Enable and authorize the application on IDaaS.
- Log on the IDaaS console as the authorized user. Add an application account for the
The application account is the account used in JIRA or Confluence.
- The IT administrator reviews and approves the new application account.
- Log on to JIRA or Confluence from the IDaaS console in a single sign-on manner.
You click the application icon on the My Applications page and log on to JIRA or Confluence in a single sign-on manner.