Versions Compared

Version Old Version 5 New Version Current
Changes made by

Former user

Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents
typeflat

Description

The Client Certificate Authentication solution is a JAR made for Atlassian JIRA, Confluence, Bamboo and Bitbucket (Server) / Stash

When users try to access

JIRA

any one of the Atlassian tools, the browser will prompt them to select their certificate. Users will then be automatically logged

in to JIRA

into the application if their username already has an account.

To enable this integration, you will need to have

JIRA

the Atlassian application integrated with Apache via a reverse proxy

.

Resources

Issue Tracker

(Support, New feature and Improvement Requests)

http://jira.go2group.com/browse/CCA

Page Tree Search

Page Treeroot@selfexpandCollapseAlltrue

.

Introduction

This document describes using client certificates as an authentication mechanism in JIRA. In the terms of smart cards, certificates are still passes from the smart card into the browser via the smart card client.

The method described here will allow JIRA to use client certificates for authentication without a password.

Note
titleNotes
  • If you find yourself without a valid certificate and locked out of JIRA, you may need to effectively undo all the plugin setup to log in with a regular JIRA account again
  • If your certificate contains more than one identify, the first valid identify will be used
  • The plugin assumes that the user ID is contained in the CN entry
    • If that is not the case in your certificate, a minor code customization will be necessary

Image Added

  1. This is the diagram for first access
  2. As certificates can be installed directly into the browser, depending on your browser settings, users will either be prompted for the certificate or the default certificate will be automatically used and validated
  3. This setup requires administrators to setup a User Directory before hand
    1. This User Directory will be used to pull user, groups and the memberships
    2. Runs every xx minutes to make sure that they sync is up to date

Image Added

  1. This is the diagram for first access
  2. As certificates can be installed directly into the browser, depending on your browser settings, users will either be prompted for the certificate or the default certificate will be automatically used and validated