July 2024

...

Click the “SSO Configure” button in the “URANUS SSO” section to enter the plugin configuration steps.

2.5 Plugin Configuration

2.5.1 Okta or Auth2 Config with Atlassian Plugin

Note: This section applies to Jira, Confluence, and Bitbucket.

...

2.5.1 SSO Configuration Interface

(1) Authentication method

Select the authentication protocol accepted by the SSO center.

(2) client_id

Fill in the client_id provided by the SSO center for verification and authentication.

(3) client_secret

Fill in the client_secret provided by the SSO center for verification and authentication.

(4) Unified Authentication Center URL

Fill in the access URL of the SSO authentication center here.

(5) User role acquisition URL

Fill in the API endpoint used to get the user role. This value is not joined to (4); provide the full URL.

(6) Authorization Code URL

Fill in the URL the SSO center uses for login and for obtaining the code. It is combined with (4), and the name of client_id must be provided.

(7) GetToken URL

Fill in the SSO center API endpoint that returns a token after authenticating the code, client_id and client_secret. It is combined with (4).

(8) User information acquisition URL

Fill in the API endpoint that returns user information after the SSO center authenticates the token. It is combined with (4).

(9) Logout URL of unified authentication platform

Fill in the SSO center API endpoint that logs the user out (clears the user's login status). It is combined with (4).

(10) System identification code

Fill in the system identification code of the SSO center here; the system identification code previously specified is Jira.

(11) Resignation interface parameters

Select the parameter passed to the resignation interface; by default, use username.

(12) Username parameter

Select which parameter of the user information response supplies the username; the default is username.

(13) displayName parameter

Select which parameter of the user information response supplies the displayName; the default is name.

(14) emailAddress parameter

Select which parameter of the user information response supplies the email; the default is email.

(15) Whether to open the resignation interface

Select whether to enable the resignation function.

(16) Whether users are allowed to be created

Select whether to create a new user from the parameters in (12), (13) and (14) when the user does not exist at SSO login.

(17) Whether to turn on login interception

Select whether to enable the SSO login function.

2.5.2 Saml Config with Jira Plugin

Note: the SAML protocol is currently supported only in Jira.

In ssoType, select saml, and then save.

...

SpEntityId: the entity ID of the SP service, that is, of the current Jira application. Configure a link such as: ${baseUrl}/plugins/servlet/igsl/redirect/sso/samlLogin

spAcsUrl: after login at the IDM service, this interface is called for authentication and automatic login. Configure a link such as: ${baseUrl}/plugins/servlet/igsl/redirect/sso/samlAcs

spLogoutUrl: the SP logout address, which calls the IdP logout and then exits the Jira system. Configure a link such as: ${baseUrl}/plugins/servlet/igsl/redirect/sso/samlLogout

spX509Cert: the SP certificate, that is, the certificate of the server where Jira is currently located.

...

Commands to generate the certificate and private key:

keytool -genkeypair -alias mykey -keyalg RSA -keystore keystore.jks

keytool -export -alias mykey -keystore keystore.jks -file mycertificate.cer

openssl x509 -inform DER -in mycertificate.cer -out mycrt.crt

keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.p12 -srcstoretype JKS -deststoretype PKCS12 -srcalias mykey -deststorepass password -srcstorepass password -noprompt

openssl pkcs12 -in keystore.p12 -nocerts -nodes -out private_key.pem

The -srcstorepass value must match the keystore password entered at the -genkeypair prompt. Because of -nodes, private_key.pem is written unencrypted, so restrict read access to it.
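A check worth running before pasting the results into the plugin, added here as an example and not part of the plugin or its documentation: it confirms that the PEM certificate and the exported private key hold the same public key, and that the certificate is not about to expire (keytool issues a 90-day certificate when -validity is not given). The file names come from the commands above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. File names follow the commands above; function names are hypothetical.

# 0 = certificate and key hold the same public key, 1 = different keys,
# 2 = one of the files could not be parsed as PEM.
sp_pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# 0 if the certificate is still valid N days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Full check with a readable verdict; the return code identifies the failure.
check_sp_material() {
    cert=$1; key=$2; min_days=${3:-30}
    rc=0
    sp_pair_matches "$cert" "$key" || rc=$?
    case $rc in
        0) ;;
        1) echo "FAIL: $cert and $key hold different public keys"; return 1 ;;
        *) echo "FAIL: cannot parse $cert or $key"; return 2 ;;
    esac
    if ! cert_valid_for_days "$cert" "$min_days"; then
        echo "FAIL: $cert expires within $min_days days"
        return 3
    fi
    echo "OK: key pair matches; $(openssl x509 -in "$cert" -noout -enddate)"
}

# Run against the files produced above when they are in the current directory.
if [ -f mycrt.crt ] && [ -f private_key.pem ]; then
    check_sp_material mycrt.crt private_key.pem 30
fi
```

A return code of 1 usually means the certificate and key were exported from different aliases or keystores; 3 means the certificate should be reissued with a longer -validity before it is registered with the IdP.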

IdpEntityId: the entityId of the IdP service, found in metadata.xml. It is covered later in the Keycloak section.

...

Email Attribute: gets the SAML fullname attribute. It is bound to Jira's email.

Keycloak

...

Config

...

...

...

ADFS Config

...

copy to adfs

...

copy to adfs

...

get idp xml

${baseUrl}/federationmetadata/2007-06/federationmetadata.xml

...

like this

...

2.6 Skip SSO Login Authenticate URL

...