Use single sign-on (SSO) authentication for Atlassian JIRA

Enterprise Application Access (EAA) supports single sign-on (SSO) to Atlassian applications, such as JIRA, using custom headers insertion. This lets you access the Atlassian application through the EAA Cloud service without authenticating for a specific application again.

Before you begin

The Confluence application must be running and integrated into your Active Directory (AD) or OpenLDAP server.

You can use your AD or OpenLDAP server to authenticate all the end users and have immediate access to applications secured through EAA Cloud. This integration sends the X-forwarded-for custom headers to an application for SSO.

How to

  1. Download the latest version of the Atlassian JIRA SSO connector.
  2. Copy the downloaded jar file to this location in your JIRA installation:
    • For Linux:*/jira/WEB-INF/lib
    • For Windows: *jira/WEB-INF/lib
  3. Download the jiraRemoteUserAuthenticator.properties text file from https://github.com/UW-Madison-DoIT/jiraRemoteUserAuth/tree/master/conf.
  4. Rename the file to RemoteUserAuthenticator.properties by removing jira from the start of the file name, and save it to this location in your JIRA installation:
    • For Linux: */jira/WEB-INF/classes
    • For Windows: *jira/WEB-INF/classes
  5. Edit the remoteUserAuthenticator.properties file with administrative privileges and change these lines to send remote headers for SSO:
    • Change header.remote_user=REMOTE_USER to header.remote_user=user_name
    • Comment out the line #header.email=CONF_EMAIL
    • Comment out the line #header.fullname=CONF_FULLNAME
  6. Save the file.
  7. Edit the seraph-config.xml file at this location in your Confluence installation /WEB-INF/classes/seraph-config.xml. Edit this line:

    Find and replace or comment out <authenticator class="com.atlassian.seraph.auth.DefaultAuthenticator"/> with:

    <authenticator class="shibauth.jira.authentication.shibboleth.RemoteUserAuthenticator”/>

  8. Save the file and restart the JIRA application.
  9. Configure the Enterprise Application Access (EAA) application.
    1. Click Settings on the JIRA application that you configured in EAA.
    2. Click ADVANCED SETTINGS at the top.
    3. Scroll to the Custom HTTP headers section.
    4. Enter user_name in the Header Name field and select user from the Attribute field.
    5. Click Save and go to Deployment.

Next steps

For the changes to go into effect, Deploy the application.