2024年7月
| Table of Contents |
|---|
...
Click the “SSO Configure” button in the “URANUS SSO” section to enter the plugin configuration steps.
2.5 Plugin Configuration
2.5.1 Okta or Auth2
...
Config with Atlassian Plugin
Note:This section is supported by Jira Confluence Bitbucket.
...
Select here whether to enable SSO login function.
2.
...
5.2 Saml Config with Jira Plugin
Note: that the current Saml protocol only supports use in Jira
...
SpEntityId: SP service, which is the entity ID of the current Jira application. Configure links such as:${baseUrl}/plugins/servlet/igsl/redirect/sso/samlLogin
spAcsUrl: After logging in to the IDM service, this interface will be called for authentication and automatic login. Configure links such as: ${baseUrl}/plugins/servlet/igsl/redirect/sso/samlAcs
spLogoutUrl: SP logout address, which will call IDP logout and then exit the Jira system. Configure links such as: ${baseUrl}/plugins/servlet/igsl/redirect/sso/samlLogout
spX509Cert: SP service refers to the certificate of the server where Jira is currently located.
...
Command to generate certificate and private key:
keytool -genkeypair -alias mykey -keyalg RSA -keystore keystore.jks
keytool -export -alias mykey -keystore keystore.jks -file mycertificate.cer
openssl x509 -in mycertificate.cer -out mycrt.crt
keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.p12 -srcstoretype JKS -deststoretype PKCS12
openssl pkcs12 -in keystore.p12 -nocerts -out private_key.pem -nodes
IdpEntityId: idp service entityId, this in metadata.xml. We will introduce it later in Keycloak.
...
Email Attribute: get saml fullname attribute. The bound is Jira's email.
Keycloak config:
...
ADFS config:
...
copy to adfs
...
copy to adfs
...
get idp xml
...