Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Disable JIRA Login page with Seraph SSO

DJX
DJX
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 18, 2014

I am working on a custom SSO authenticator for my JIRA instance.

I have the login part working great. The problem I have now is that I need to completely hide the Login page. All login needs to go through my SSO provider.

As it sits right now, if a user logs in through SSO but doesn't exist in JIRA it shows them the login screen. The way I need it to work is that if the SSO service logs them in but they don't exist in JIRA, that they are kicked back to the SSO login page, or at least shown an error page instead of the login page.

How can I do this without hacking up the login.xml file?

Watch
Like Miguel Mendez likes this
4927 views

2 answers

1 accepted

Comments for this post are closed

Community moderators have prevented the ability to post new answers.

Post a new question

3 votes
Answer accepted
Timothy
Timothy
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 18, 2014

I did not know that there is a login.xml. You will have to modify instead the seraph-config.xml. Chagne the login.url, link.login.url and logout.url params

View More Comments
DJX
DJX
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 18, 2014

Thanks for your response. I have already done this. I have set all three of these to point to my SSO. In my custom plugin I return "null" if the user should not be allowed to login. Instead what happens is the user is shown the "Login" page if I Return "null".

What else can I do to make sure the users never see the JIRA login page?

Like
Timothy
Timothy
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 20, 2014

Disable the login gadget in jpm.xml?

Like
DJX
DJX
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 30, 2014

Thanks for this suggestion! This seems to have gotten me most of the way there. At least now when a user gets to my page and doesn't have access, they won't see the login gadget. I plan to update my Seraph plugin to delete the JIRA auth cookies so they are forced back out if they are not authorized to be in the system.

Like
DJX
DJX
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 9, 2014

As a final note to everyone - Timothy's suggestion to remove the login gadget in jpm.xml is a great way to prevent people from logging in via the web page when using SSO. I still haven't been able to get the system to automatically kick the user out if they're not logged in, but this is an issue specific to my SSO solution and JIRA instance.

Like
childnode
childnode June 15, 2015

some notes on problems up to 5.8.1 https://jira.atlassian.com/browse/CONF-35884

Like
Bianca Borges
Bianca Borges August 17, 2017

Hi DJX. I'm looking for a way to use Seraph for SSO on JIRA Core, since I'm not a developer, I'm not sure which way to go - could you please share how you implemented the custom authenticator? This is where I get lost:

https://docs.atlassian.com/atlassian-seraph/latest/sso.html

Thanks in advance.

Like
DJX
DJX
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 17, 2017

@Bianca Borges - There are a few plugins out on the market that handle some common authenticators. At the time, I was working with one that did not have a plugin. I wrote this post to document some of my findings: https://www.jarvispowered.com/single-sign-on-to-jira-with-siteminder/

Like
Bianca Borges
Bianca Borges August 18, 2017

@DJX thanks for sharing!

Like
Prasad Andrews
Prasad Andrews August 21, 2017

Hi @DJX

My issue also similar case please find the below description, snap shot and let me know your inputs, please.

I am working on custom Google SSO authenticator for my JIRA & WIKI instance (Vendor AppFusions).

Google SSO for JIRA

Google SSO for Atlassian Confluence

https://www.appfusions.com/display/GAPPSAUTHJ/Home

I have the login part working great. The problem I have now is that I need to completely hide the Login page. All login needs to go through my SSO provider. i.e., all the users must “sign in with Google” so I want to disable the login page username and password fields. When I access my JIRA and Confluence URL then we need to click on “sign in with Google” to login my applications.WIKi JIRA.PNG

Regards,

Andy

Like
Miguel Mendez
Miguel Mendez February 7, 2018

This won't help in redirecting, but simply changing Jira/Confluence to use external user management will disable the ability to use "forgot password" and a bunch of other useful SSO specific functionality

 

https://confluence.atlassian.com/doc/disabling-the-built-in-user-management-138741.html

Like
Reply
0 votes
Richard Duffy
Richard Duffy April 10, 2019

Hi

If we remove the login gadget how do we login as local admin?

Thanks

View More Comments
DJX
DJX
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 10, 2019

I think it's not possible to have both options at the same time. Personally, I have a a production / dev config file. When I need to do maintenance I shut JIRA down, swap the config files, and then login with the admin account.

Like Richard Duffy likes this
Richard Duffy
Richard Duffy April 10, 2019

Hi DJX

Yes i thought that was the case. Thanks for confirmation 

Like
Reply
Atlassian logo
Answers Developer Questions
TAGS
AUG Leaders

Atlassian Community Events

    See all events