2024年7月
| Table of Contents |
|---|
...
SpEntityId: SP service, which is the entity ID of the current Jira application. Configure links such as:${baseUrl}/plugins/servlet/igsl/redirect/sso/samlLogin
spAcsUrl: After logging in to the IDM service, this interface will be called for authentication and automatic login. Configure links such as: ${baseUrl}/plugins/servlet/igsl/redirect/sso/samlAcs
spLogoutUrl: SP logout address, which will call IDP logout and then exit the Jira system. Configure links such as: ${baseUrl}/plugins/servlet/igsl/redirect/sso/samlLogout
spX509Cert: SP service refers to the certificate of the server where Jira is currently located.
...
Command to generate certificate and private key:
keytool -genkeypair -alias mykey -keyalg RSA -keystore keystore.jks
keytool -export -alias mykey -keystore keystore.jks -file mycertificate.cer
openssl x509 -in mycertificate.cer -out mycrt.crt
keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.p12 -srcstoretype JKS -deststoretype PKCS12
openssl pkcs12 -in keystore.p12 -nocerts -out private_key.pem -nodes
IdpEntityId: idp service entityId, this in metadata.xml. We will introduce it later in Keycloak.
...
Email Attribute: get saml fullname attribute. The bound is Jira's email.
Keycloak
...
Config
...
ADFS
...
Config
...
copy to adfs
...
copy to adfs
...
get idp xml
...