Versions Compared

Version Old Version 34 New Version 35
Changes made by

Former user

Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Anchor
top
top

...

QuestionAnswer
What Atlassian products does Go2Group SSO integrate with?
  1. JIRA
  2. Confluence
  3. Bamboo
  4. Stash
  5. Crowd

Please view the Version Matrix to find out the exact version of the Atlassian tools we support. Users can integrate one or multiple applications to the solution. Users can also integrate multiple of the same application to the solution.

Who can use this solution?Not only can this solution be deployed in governmental organizations, this solution can also be installed into organizations that use smart cards with client certificates in it to achieve the same result.
What platform does the solution support?

As SSO is a server-side based application, the client platform does not affect how SSO works. As long as the client uses an Atlassian supported web browser such as Chrome, Firefox, IE and Safari, then SSO will work.

On the server side, we have tested the setup using Apache 2.2 running on RedHat / CentOS

Your administrator confirms that the installation is successful and should work as intended. However, you still cannot login into the supported applications

Please try to clear your browsers cache including it's cookies

Instead of specifiying the username in the configuration, I want to authenticate users based on email addressThis is possible. The client-cert.properties allows you to change the configuration to search for users using an email address instead of using and regexing the value

...

QuestionAnswer
What is the prerequisite for installing the solution?
  1. Go2Group does require users to have a functional web server (e.g. Apache or IIS or nginx) that is already tied with SSL before the installation progress can proceed
  2. Please review the Version Matrix for the supported platforms
Which application does user, group and membership management?

There are two options here.

  1. Crowd
  2. LDAP/AD

Users are encouraged to let Crowd or LDAP/AD manage users, groups and membership

How do I redirect user to my SSO page?There are the params to change in seraph-config.xml
  • login.url
  • link.login.url
  • logout.url
How do I disable the login gadget for JIRA?

There is a tag to change in $JIRA_HOME/atlassian-jira/WEB-INF/classes/jpm.xml

Code Block
languagexml
        <property>
            <key>jira.disable.login.gadget</key>
            <default-value>false</default-value>
            <type>boolean</type>
            <admin-editable>false</admin-editable>
            <sysadmin-editable>false</sysadmin-editable>
        </property>

Change the default-value from false to true

How to I regex the username of an email?

There are instances where the username of the user in the application is the username in the email address. This is used especially if you want to get the username from the SSL_CLIENT_SAN_OTHER_msUPN_n or msUPN (e.g. SSL_CLIENT_SAN_OTHER_msUPN_0) attribute.

Example:

The regex that you can use to get 1234567890 is:

  • Regex Pattern: ^(?!.*?[._-]{2})[a-zA-Z0-9._-]+(?=@)
  • Group: 0
How do I set the logging level to debug?

You can set the logging level to DEBUG (or others) by following this guide.

The package that you should use is com.go2group and the level to set is DEBUG.

How do I enable checking on certain URLs only?

Here is an example in Apache:

Code Block
<IfModule mod_headers.c>
    <If "%{THE_REQUEST} <your_does_not_match_condition>>
        RequestHeader set cca_ignore_header "true"
    </If>
</IfModule>

If this header exists and it is true, the add-on will not process its business logic. So:

Code Block
<If "%{THEREQUEST_REQUESTURI} !~ m#/bitbucket/login#">
    RequestHeader set cca_ignore_header true
</If>
<Else>
    SSLVerifyClient optional
    SSLVerifyDepth  3
    SSLOptions +StdEnvVars +ExportCertData
    RequestHeader set SSL_CLIENT_S_DN    ""
    RequestHeader set PROXY_SSL_CLIENT_S_DN "%{SSL_CLIENT_S_DN}e"
    RequestHeader set SSL_CLIENT_S_DN "%{SSL_CLIENT_S_DN}s"
</Else>


...