2024年7月
Table of Contents |
---|
1 Technical Programs
...
Click the “SSO Configure” button in the “URANUS SSO” section on the left to enter the plugin configuration steps.
2.4.3 Bitbucket to Plugin Configuration Page
Click the button in the upper right corner of the main interface of the system to enter the system management page as shown in 2.4.3.1. and a second password confirmation will pop up. Please enter the password of the currently logged-in bitbucket account to proceed to the next step.
...
Click the “SSO Configure” button in the “URANUS SSO” section to enter the plugin configuration steps.
2.5 Plugin Configuration
...
2.5.1
...
Okta or Auth2 Config with Atlassian Plugin
Note:This section is supported by Jira Confluence Bitbucket.
...
2.5.1 SSO Configuration Interface
...
(1)Authentication method
Select the authentication protocol accepted by the SSO center.
...
Select here whether to enable SSO login function.
2.5.2 Saml Config with Jira Plugin
Note: that the current Saml protocol only supports use in Jira
Select ssoType, click on select saml, and then save.
...
The following are the configuration options and corresponding attribute introductions for Saml.
...
SpEntityId: SP service, which is the entity ID of the current Jira application. Configure links such as:${baseUrl}/plugins/servlet/igsl/redirect/sso/samlLogin
spAcsUrl: After logging in to the IDM service, this interface will be called for authentication and automatic login. Configure links such as: ${baseUrl}/plugins/servlet/igsl/redirect/sso/samlAcs
spLogoutUrl: SP logout address, which will call IDP logout and then exit the Jira system. Configure links such as: ${baseUrl}/plugins/servlet/igsl/redirect/sso/samlLogout
spX509Cert: SP service refers to the certificate of the server where Jira is currently located.
spPrivateKey: SP service refers to the private key of the certificate of the server where Jira is currently located.
Command to generate certificate and private key:
keytool -genkeypair -alias mykey -keyalg RSA -keystore keystore.jks
keytool -export -alias mykey -keystore keystore.jks -file mycertificate.cer
openssl x509 -in mycertificate.cer -out mycrt.crt
keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.p12 -srcstoretype JKS -deststoretype PKCS12
openssl pkcs12 -in keystore.p12 -nocerts -out private_key.pem -nodes
IdpEntityId: idp service entityId, this in metadata.xml. We will introduce it later in Keycloak.
IdpSsoUrl: idp service ssoUrl, this in metadata.xml. We will introduce it later in Keycloak.
IdpLogoutUrl: idp service logoutUrl, this in metadata.xml. We will introduce it later in Keycloak.
IdpX509Cert: idp service cert, this in metadata.xml. We will introduce it later in Keycloak.
...
SecuritySignatureAlgorithm: Algorithm that the toolkit will use on signing process. Options:
http://www.w3.org/2000/09/xmldsig#rsa-sha1
http://www.w3.org/2000/09/xmldsig#dsa-sha1
http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
http://www.w3.org/2001/04/xmldsig-more#rsa-sha384
http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
Allow user creation: enable or disable create user.
Is Plugin enabled: enable or disable plugin.
Username Attribute: get saml usernamekey attribute. The bound is Jira's username.
FullName Attribute: get saml fullname attribute. The bound is Jira's fullname.
Email Attribute: get saml fullname attribute. The bound is Jira's email.
Keycloak Config
...
ADFS Config
...
copy to adfs
...
copy to adfs
...
get idp xml
${baseUrl}/federationmetadata/2007-06/federationmetadata.xml
...
like this
...
2.6 Skip SSO Login Authenticate URL
...