Jira/Confluence SSO with OpenAM

Michael Townsend July 18, 2012

I am trying to configure SSO in Jira and Confluence using ForgeRock OpenAM. I have followed the directions on this page to the letter, and am having problems. Attempting to access the Jira server correctly redirects to the OpenAM login page and logging in correctly redirects back to Jira, but from there the redirects go infinite. Jira is clearly not recognizing the OpenAM-created cookie as valid authentication, and bouncing the request back to OpenAM.

I feel that I'm probably going wrong in step 2 ("Create/copy an AMConfig.properties to atlassian-jira/WEB-INF/classes/ (or somewhere in the classpath)"), since I'm not really sure what this file should contain, or where I should copy it from.

Does anyone have any experience integrating Jira/Confluence with OpenAM? I could really use a hand.

Thanks!

3 answers

1 accepted

Comments for this post are closed

Community moderators have prevented the ability to post new answers.

Post a new question

0 votes
Answer accepted
Joe Clark
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 23, 2012

Hey,

I don't have any experience with OpenAM, sorry, but thought I would try searching around online to see if I could help.

The only useful reference I could find to AMConfig.properties came from http://docs.oracle.com/cd/E19681-01/820-3320/ggftb/index.html. It says to run scripts/setup.sh from the Client SDK, which will create an example AMConfig.properties file for you.

Presumably this config file should contain the configuration necessary for the OpenAM Client running in Confluence to know where and how to contact the SSO server?

Please post back here if you make any progress! I'd be interested to hear how you go.

Michael Townsend July 23, 2012

This is pretty much what we did. We generated the AMConfig.properties file from the example code, then made tweaks based on information found on this page. Our problems ran deeper than the AMConfig.properties file, however. Since we were only developing a POC, our OpenAM server wasn't yet registered in our DNS. We were editing hosts files to allow named access. We had forgotten to modify the hosts file on our Jira server, which was preventing the Jira server from properly communicating with the OpenAM server.

Most useful, I think, was properly enabling logging in the OpenAM SDK. In the AMConfig.properties file, debug level and debug directory can be set. Once logging is enabled, the amSSOProvider and amNaming logfiles quickly led us to the issues.

0 votes
zhalei October 22, 2015

for Q1: I downloaded OpenAM_12.0.0.zip, it contains a jar named ClientSDK_12.0.0.jar, copy this jar to jira project. for Q2: seems there is a template file named AMClient.properties in OpenAM, copy it and modify some values according to your specific setting, I dont know exactly... for Q3: https://github.com/pearj/openam-crowdprovider/tree/2a3aced15986770c871b0b7c55981ceb337ce8e1/crowdprovider contains a plugin's code, you can git clone it and use Maven to build a jar, put this jar to jira project.

0 votes
Solnet Solutions July 30, 2012

Hi Michael, I am also trying to integrate jira with openam by following the same page you are using. I just have few questions that i hope you can help me with. Thanks in advance for your help.

1. Copy the OpenAM client sdk to atlassian-jira/WEB-INF/lib/

I get the sdk by 1st check out the code from https://svn.forgerock.org/openam/branches/extensions-cyber_ee /seraphprovider and then run command: mvn compile on pom.xml which produce three opensso classes.Is that the right way to create client sdk? Please help!

Question1: do i copy the three classes to atlassian-jira/WEB-INF/lib/? Thanks

2. Create/copy an AMConfig.properties to atlassian-jira/WEB-INF/classes/

How do i create this file?

3. Copy this projects jar to atlassian-jira/WEB-INF/lib/

Question3: what is this projects jar? where do i get it?

Thanks for your help.

TAGS
AUG Leaders

Atlassian Community Events