2024年7月
| Table of Contents |
|---|
...
SpEntityId: SP service, which is the entity ID of the current Jira application. Configure links such as:${baseUrl}/plugins/servlet/igsl/redirect/sso/samlLogin
spAcsUrl: After logging in to the IDM service, this interface will be called for authentication and automatic login. Configure links such as: ${baseUrl}/plugins/servlet/igsl/redirect/sso/samlAcs
spLogoutUrl: SP logout address, which will call IDP logout and then exit the Jira system. Configure links such as: ${baseUrl}/plugins/servlet/igsl/redirect/sso/samlLogout
spX509Cert: SP service refers to the certificate of the server where Jira is currently located.
...
Command to generate certificate and private key:
keytool -genkeypair -alias mykey -keyalg RSA -keystore keystore.jks
keytool -export -alias mykey -keystore keystore.jks -file mycertificate.cer
openssl x509 -in mycertificate.cer -out mycrt.crt
keytool -importkeystore -srckeystore keystore.jks -destkeystore private.key keystore.p12 -srcstoretype JKS -deststoretype PKCS12 -srcalias mykey -deststorepass password -srcstorepass password -noprompt
openssl pkcs12 -in privatekeystore.key p12 -nocerts -nodes -out private_key.pem -nodes
IdpEntityId: idp service entityId, this in metadata.xml. We will introduce it later in Keycloak.
...
Email Attribute: get saml fullname attribute. The bound is Jira's email.
Keycloak config:
...
ADFD config:
...
copy to adfs
...
copy to adfs
...
get idp xml
${baseUrl}/federationmetadata/2007-06/federationmetadata.xml
...
like this
...
2.5 Plugin Configuration
...
2.5.1 SSO Configuration Interface
...