...
This is the Frequently Asked Question (FAQ) page.
| Note |
|---|
This page will be updated frequently and is a work in progress.| Column |
|---|
|
|
as sfrequently as possible.
Table of Contents
Usage
| Question | Answer |
|---|
| What Atlassian products does |
Go2Group SSO | this integrate with? | - JIRA
- Confluence
- Bamboo
- Stash
- Crowd
Please view the Version Matrix to find out the exact version of the Atlassian tools we support. Users can integrate one or multiple applications to the solution. Users can also integrate multiple of the same application to the solution. |
| Who can use this solution? | Not only can this solution be deployed in governmental organizations, this solution can also be installed into organizations that use smart cards with client certificates in it to achieve the same result. |
| What platform does the solution support? | As SSO is a server-side based application, the client platform does not affect how SSO works. As long as the client uses an Atlassian supported web browser such as Chrome, Firefox, IE and Safari, then SSO will work. On the server side, we have tested the setup using Apache 2.2 running on RedHat / CentOS |
| Your administrator confirms that the installation is successful and should work as intended. However, you still cannot login into the supported applications | Please try to clear your browsers cache including it's cookies |
| Instead of specifiying the username in the configuration, I want to authenticate users based on email address | This is possible. The client-cert.properties allows you to change the configuration to search for users using an email address instead of using and regexing the value |
...
top
Installation
| Question | Answer |
|---|
| What is the prerequisite for installing the solution? |
Go2Group - Goldfinger Holdings does require users to have a functional web server (e.g. Apache or IIS or nginx) that is already tied with
|
DOD Root Certificates and - SSL before the installation progress can proceed
|
.- Please review the Version Matrix for the supported platforms
|
| Which application does user, group and membership management? | There are two options here. - Crowd
- LDAP/AD
Users are encouraged to let Crowd or LDAP/AD manage users, groups and membership |
| How do I redirect user to my SSO page? | There are the params to change in seraph-config.xml- login.url
- link.login.url
- logout.url
|
| How do I disable the login gadget for JIRA? | There is a tag to change in $JIRA_HOME/atlassian-jira/WEB-INF/classes/jpm.xml | Code Block |
|---|
| <property>
<key>jira.disable.login.gadget</key>
<default-value>false</default-value>
<type>boolean</type>
<admin-editable>false</admin-editable>
<sysadmin-editable>false</sysadmin-editable>
</property> |
Change the default-value from false to true |
| How to I regex the username of an email? | There are instances where the username of the user in the application is the username in the email address. This is used especially if you want to get the username from the SSL_CLIENT_SAN_OTHER_msUPN_n or msUPN (e.g. SSL_CLIENT_SAN_OTHER_msUPN_0) attribute. Example: The regex that you can use to get 1234567890 is: - Regex Pattern:
^(?!.*?[._-]{2})[a-zA-Z0-9._-]+(?=@) - Group: 0
|
| How do I set the logging level to debug? | You can set the logging level to DEBUG (or others) by following this guide. The package that you should use is com.go2group and the level to set is DEBUG. |
| How do I enable checking on certain URLs only? | Here is an example in Apache: | Code Block |
|---|
<IfModule mod_headers.c>
<If "%{THE_REQUEST} <your_does_not_match_condition>>
RequestHeader set cca_ignore_header "true |
|
...
If this header exists and it is true, the add-on will not process its business logic. So: | Code Block |
|---|
<If "%{REQUEST_URI} !~ m#/bitbucket/login#">
RequestHeader set cca_ignore_header true
</If>
<Else>
SSLVerifyClient optional
SSLVerifyDepth 3
SSLOptions +StdEnvVars +ExportCertData
RequestHeader set SSL_CLIENT_S_DN ""
RequestHeader set PROXY_SSL_CLIENT_S_DN "%{SSL_CLIENT_S_DN}e"
RequestHeader set SSL_CLIENT_S_DN "%{SSL_CLIENT_S_DN}s"
</Else> |
|
top
Troubleshooting
go2groupgo2groupGoldfinger Holdings.confluence
- For Stash (Not available at the moment; Tracked at
| Jira Legacy |
|---|
| server | Go2Group Customer Support Issues |
|---|
| serverId | 48efd461-6601-315c-913b-0aef4461e690 |
|---|
| key | CCA-59 |
|---|
|
) - For Bamboo
- Turn the logging level to DEBUG (https://confluence.atlassian.com/display/BAMBOO/Logging+in+Bamboo)
- Aim the logging package to
com.go2group.cca and com.
|
go2group.bamboo ...
Goldfinger Holdings.bamboo
|
| To disable the app from via the database |
| Code Block |
|---|
select propertystring.id, propertyentry.property_key, propertystring.propertyvalue
from propertyentry, propertystring where propertyentry.id = propertystring.id
and propertyentry.property_key like 'com.go2group%'; |
From the resultant SQL query, change the value from true to false where the propertyentry.property_key is com.go2group.ccaj.ccaconfig.cca.enabled. |
top
Pricing and Licensing
| Question | Answer |
|---|
| What is the price for the solution? | Please refer to the Tiers, Pricing & Examples page to understand how much you have to pay for the license |
| How long is the licensee valid for? | The license generated is based on the number of years purchased At the end of the of the license, the product will cease to function |
| What kind of licensing model does this solution use? | The licensing model which is used is a subscription based. Licenses are required to be renewed before it expires |
| Is there a trial license? | Yes. |
Go2Group | Goldfinger Holdings will provide trial licenses for users that wish to test the solution in their environment before making the purchase. |
...
top
