Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Anchor
top
top

...

QuestionAnswer
What Atlassian products does Go2Group SSO integrate with?
  1. JIRA
  2. Confluence
  3. Bamboo
  4. Stash
  5. Crowd

Please view the Version Matrix to find out the exact version of the Atlassian tools we support. Users can integrate one or multiple applications to the solution. Users can also integrate multiple of the same application to the solution.

Who can use this solution?Not only can this solution be deployed in governmental organizations, this solution can also be installed into organizations that use smart cards with client certificates in it to achieve the same result.
What platform does the solution support?

As SSO is a server-side based application, the client platform does not affect how SSO works. As long as the client uses an Atlassian supported web browser such as Chrome, Firefox, IE and Safari, then SSO will work.

On the server side, we have tested the setup using Apache 2.2 running on RedHat / CentOS

Your administrator confirms that the installation is successful and should work as intended. However, you still cannot login into the supported applications

Please try to clear your browsers cache including it's cookies

Instead of specifiying the username in the configuration, I want to authenticate users based on email addressThis is possible. The client-cert.properties allows you to change the configuration to search for users using an email address instead of using and regexing the value

top 

21070340

Installation

QuestionAnswer
What is the prerequisite for installing the solution?
  1. Go2Group does require users to have a functional web server (e.g. Apache or IIS or nginx) that is already tied with SSL before the installation progress can proceed
  2. Please review the Version Matrix for the supported platforms
Which application does user, group and membership management?

There are two options here.

  1. Crowd
  2. LDAP/AD

Users are encouraged to let Crowd or LDAP/AD manage users, groups and membership

How do I redirect user to my SSO page?There are the params to change in seraph-config.xmllogin.url

  • link.login.url
  • logout.url
  • How do I disable the login gadget for JIRA?

    There is a tag to change in $JIRA_HOME/atlassian-jira/WEB-INF/classes/jpm.xml

    Code Block
    languagexml
            <property>
                <key>jira.disable.login.gadget</key>
                <default-value>false</default-value>
                <type>boolean</type>
                <admin-editable>false</admin-editable>
                <sysadmin-editable>false</sysadmin-editable>
            </property>

    Change the default-value from false to true

    How to I regex the username of an email?

    There are instances where the username of the user in the application is the username in the email address. This is used especially if you want to get the username from the SSL_CLIENT_SAN_OTHER_msUPN_n or msUPN (e.g. SSL_CLIENT_SAN_OTHER_msUPN_0) attribute.

    Example:

    The regex that you can use to get 1234567890 is:

    • Regex Pattern: ^(?!.*?[._-]{2})[a-zA-Z0-9._-]+(?=@)
    • Group: 0
    How do I set the logging level to debug?

    You can set the logging level to DEBUG (or others) by following this guide.

    The package that you should use is com.go2group and the level to set is DEBUG.

    How do I enable checking on certain URLs only?

    Here is an example in Apache:

    Code Block
    <IfModule mod_headers.c>
        <If "%{THE_REQUEST} <your_does_not_match_condition>>
            RequestHeader set cca_ignore_header "true"
        </If>
    </IfModule>

    If this header exists and it is true, the add-on will not process its business logic. So:

    Code Block
    <If "%{THE_REQUEST} !~ m#/bitbucket/login#">
        RequestHeader set cca_ignore_header true
    </If>
    <Else>
        SSLVerifyClient optional
        SSLVerifyDepth  3
        SSLOptions +StdEnvVars +ExportCertData
        RequestHeader set SSL_CLIENT_S_DN    ""
        RequestHeader set PROXY_SSL_CLIENT_S_DN "%{SSL_CLIENT_S_DN}e"
        RequestHeader set SSL_CLIENT_S_DN "%{SSL_CLIENT_S_DN}s"
    </Else>

    top 

    21070340

    Troubleshooting

    QuestionAnswer
    Need more logging?
    1. For JIRA
      1. Turn the logging level to DEBUG (https://confluence.atlassian.com/display/JIRA/Logging+and+Profiling)
      2. Aim the logging package to com.go2group.cca and com.go2group.jira
    2. For Confluence:
      1. Turn the logging level to DEBUG (https://confluence.atlassian.com/display/DOC/Configuring+Logging)
      2. Aim the logging package to com.go2group.cca and com.go2group.confluence
    3. For Stash (Not available at the moment; Tracked at
      Jira Legacy
      serverGo2Group Customer Support Issues
      serverId48efd461-6601-315c-913b-0aef4461e690
      keyCCA-59
      )
    4. For Bamboo
      1. Turn the logging level to DEBUG (https://confluence.atlassian.com/display/BAMBOO/Logging+in+Bamboo)
      2. Aim the logging package to com.go2group.cca and com.go2group.bamboo

    top 

    21070340

    Pricing and Licensing

    QuestionAnswer
    What is the price for the solution?Please refer to the Tiers, Pricing & Examples page to understand how much you have to pay for the license
    How long is the licensee valid for?

    The license generated is based on the number of years purchased

    At the end of the of the license, the product will cease to function

    What kind of licensing model does this solution use?The licensing model which is used is a subscription based. Licenses are required to be renewed before it expires
    Is there a trial license?Yes. Go2Group will provide trial licenses for users that wish to test the solution in their environment before making the purchase.

     

    top21070340