Confluence SAML app gives the ability to enable SAML Single Sign On for Confluence Software. Confluence Software is compatible with all SAML Identity Providers. Here we will go through a guide to configure SSO between Confluence and your Identity Provider. By the end of this guide, users from your Identity Provider should be able to login and register to Confluence Software.
To integrate your Identity Provider(IDP) with Confluence, you need the following items:
All the information required to configure the Ping One as IDP i.e. plugin’s metadata is given in the Service Provider Info tab of the miniOrange SAML plugin.
Provide the SAML configuration details for the application.
1.Signing. In the dropdown list, select the signing certificate you want to use.
2.SAML Metadata. Click Download to retrieve the SAML metadata for Ping One. This supplies the Ping One connection information to the application.
3.Protocol Version. Select the SAML protocol version appropriate for your application.
4.Upload Metadata. Click Choose File to upload the application’s metadata file. The entries for ACS URL and Entity ID will then be supplied for you. If you do not upload the application metadata, you will need to enter this information manually. When you are manually assigning an Entity ID value, the Entity ID must be unique, unless you are assigning the Entity ID value for a private, managed application (an application that is supplied and configured by a PingOne for Enterprise administrator, rather than by an SP.
5.Single Logout Endpoint. The URL to which our service will send the SAML Single Logout (SLO) request using the Single Logout Binding Type that you select.
6.Single Logout Response Endpoint. The URL to which your service will send the SLO Response.
7.Single Logout Binding Type. Select the binding type (Redirect or POST) to use for SLO.
8.Primary Verification Certificate. Click Choose File to upload the primary public verification certificate to use for verifying the SP signatures on SLO requests and responses.
9.Signing Algorithm. Use the default value or select the algorithm to use from the dropdown list.
Optional:
I.Encrypt Assertion. If selected, the assertions PingOne sends to the SP for the application will be encrypted.
II.Encryption Certificate: Upload the certificate from miniOrange plugin to use to encrypt the assertions.
III.Encryption Algorithm: Choose the algorithm to use for encrypting the assertions. We recommend AES_256 (the default), but you can select AES_128 instead.
IV.Transport Algorithm: The algorithm used for securely transporting the encryption key. Currently, RSA-OAEP is the only transport algorithm supported.
V.Force Re-authentication. If selected, users having a current, active SSO session will be re- authenticated by the identity bridge to establish a connection to this application.
Now we will go through the steps to setup Confluence as a Service Provider using miniOrange add-on:
Configure Identity Provider
By Metadata URL:
By uploading Metadata XML file:
Manual Configuration:
1. IDP Name
2. IDP Entity ID
3. Single Sign On URL
4. Single Logout URL
5. X.509 Certificate
Configure Multiple Identity Providers
When user logs into Confluence, one of the user’s data/attribute coming in from the IDP is used to search the user in Confluence. This is used to detect the user in Confluence and login the user to the same account.
With the Quick Setup method, you can get the SP metadata from the first step of adding an IDP. The steps to initiate Quick Setup are given below :
After completing the above steps, you will see the first step of the Quick Setup process. This step deals with setting up your IDP.
Here you will find your SP's metadata. You will need to provide this metadata to your IDP. There are two ways to add this metadata to your IDP.
If you wish to add the metadata manually, then you can choose By manually configuring the metadata on your IDP You will find the following information. These details will need to be provided to your IDP
The next step of the Quick Setup flow deals with setting up IDP metadata on SP. We will pick this up in the next section of the setup guide.
If you have chosen to add your IDP using the Quick Setup flow then you have already completed the first step, which is to add SP metadata to your IDP. Now you can proceed with the second step of the Quick Setup method
This step is where you will be adding your IDP metadata.
There are 3 ways in which you can add your IDP metadata. Use the drop-down to select any of the following methods :
Add your metadata URL in the Enter Metadata URL field.
Use the Choose File button to browse for your metadata file.
To configure the IDP manually, you will need to have the following details from your IDP's metadata.
Once you have added the IDP metadata, click on Save. If the IDP has been added successfully, then you will see a Test and Get Attributes button. Click on this button to test if the IDP was added successfully.
In this step you will be setting up basic user profile attributes for your SP
If you plan on customizing your IDP setup from the get go, you can find the metadata in the SP Metadata. Here you will find your SP's metadata. You will need to provide this metadata to your IDP. There are multiple ways to add this metadata to your IDP :
Depending on how your IDP accepts the metadata, you can either provide the metadata URL or you can use the Download Metadata button to download an XML file for the same.
If you wish to add the metadata manually,you will find the following information in this section. These details will need to be provided to your IDP.
The custom setup flow allows you to dive into the complete set of configurations that we provide to add a SAML Identity Provider. The steps to configure an IDP using the Custom Setup option are :
With the information you have been given by Your IDP team, you can configure IDP settings in 3 ways:
Go to Manual Configuration tab and enter the following details:
Next we will be setting up user profile attributes for Jira. The settings for this can be found in the User Profile section.
When the user logs into
Jira, one of the user's data/attribute coming in from the IDP is used to search the user in Jira. This is used to detect the user in Jira and log in the user to the same account.
You can configure it using steps given below:
Now we will be setting up user group attributes for Jira. You can replicate your user's groups present on IDP in your SP. There are multiple ways of doing this.
If you are looking for anything which you cannot find, please drop us an email on info@xecurify.com