Bitbucket SAML app gives the ability to enable SAML Single Sign On for Bitbucket Software. Bitbucket Software is compatible with all SAML Identity Providers. Here we will go through a guide to configure SSO between Bitbucket and your Identity Provider. By the end of this guide, users from your Identity Provider should be able to login and register to Bitbucket Software.
To integrate your Identity Provider(IDP) with Bitbucket, you need the following items:
Follow the steps below to configure Jboss Keycloak as an Identity Provider.You can use 2 ways to configure the JBoss Keycloak as IDP.
Method 2: Manual Configuration
|Client ID||The SP-EntityID / Issuer from the step 1 of the plugin under Configure IDP tab.|
|Name||Provide a name for this client|
|Description||Provide a description|
|Optimize Redirect signing key lookup||OFF|
|Client Signature Required||OFF|
|Force Name ID Format||ON|
|Name ID Format|
|Root URL||Leave empty or Base URL of Service Provider|
|Valid Redirect URIs||The ACS (Assertion Consumer Service) URL from the step 1 of the plugin under configure IDP tab.|
|Assertion Consumer Service POST Binding URL||The ACS (Assertion Consumer Service) URL from the step 1 of the plugin under Configure IDP tab.|
|Logout Service Redirect Binding URL||The Single Logout URL from the step 1 of the plugin under Configure IDP tab.|
Download IDP Metadata
Now we will go through the steps to setup Bitbucket as a Service Provider using miniOrange SAML add-on:
With the Quick Setup method, you can get the SP metadata from the first step of adding an IDP. The steps to initiate Quick Setup are given below :
After completing the above steps, you will see the first step of the Quick Setup process. This step deals with setting up your IDP.
Here you will find your SP's metadata. You will need to provide this metadata to your IDP. There are two ways to add this metadata to your IDP.
If you wish to add the metadata manually, then you can choose By manually configuring the metadata on your IDP You will find the following information. These details will need to be provided to your IDP
The next step of the Quick Setup flow deals with setting up IDP metadata on SP. We will pick this up in the next section of the setup guide.
If you have chosen to add your IDP using the Quick Setup flow then you have already completed the first step, which is to add SP metadata to your IDP. Now you can proceed with the second step of the Quick Setup method
This step is where you will be adding your IDP metadata.
There are 3 ways in which you can add your IDP metadata. Use the drop-down to select any of the following methods :
Add your metadata URL in the Enter Metadata URL field.
Use the Choose File button to browse for your metadata file.
To configure the IDP manually, you will need to have the following details from your IDP's metadata.
Once you have added the IDP metadata, click on Save. If the IDP has been added successfully, then you will see a Test and Get Attributes URL. Copt this Url and paste it in separate window to Get the Attributes from IDP.
In this step you will be setting up basic user profile attributes for your SP
If you plan on customizing your IDP setup from the get go, you can find the metadata in the SP Metadata. Here you will find your SP's metadata. You will need to provide this metadata to your IDP. There are multiple ways to add this metadata to your IDP :
Depending on how your IDP accepts the metadata, you can either provide the metadata URL or you can use the Download Metadata button to download an XML file for the same.
If you wish to add the metadata manually,you will find the following information in this section. These details will need to be provided to your IDP.
The custom setup flow allows you to dive into the complete set of configurations that we provide to add a SAML Identity Provider. The steps to configure an IDP using the Custom Setup option are :
With the information you have been given by Your IDP team, you can configure IDP settings in 3 ways:
Go to Manual Configuration tab and enter the following details:
Next we will be setting up user profile attributes for Atlassian Application. The settings for this can be found in the User Profile section.
When the user logs into
Atlassian Application, one of the user's data/attribute coming in from the IDP is used to search the user in Atlassian Application. This is used to detect the user in Atlassian Application and log in the user to the same account.
You can configure it using steps given below:
Now we will be setting up user group attributes for Atlassian Application. You can replicate your user's groups present on IDP in your SP. There are multiple ways of doing this.