Confluence
==========

Presentation
------------

Confluence is a web-based corporate wiki developed by Atlassian.

It is compatible with SAML and OpenID Connect. This tutorial will focus on SAML.

Configuration
-------------

You must first configure LemonLDAP::NG as a :doc:`SAML Identity Provider<../idpsaml>`.

Configure SAML in Confluence
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In the SSO configuration page, choose SAML as the authentication method and set the following parameters. Don't forget to replace ``auth.example.com`` with your actual domain.

* Single sign on issuer: ``https://auth.example.com/saml/metadata``
* Identity provider single sign on URL: ``https://auth.example.com/saml/singleSignOn``
* X.509 certificate: You can find this certificate in the manager: SAML2 Service » Security » Signature » Public key
* Username mapping attribute: ``${uid}``

.. danger::

   Make sure the certificate you copy into Confluence starts with BEGIN CERTIFICATE and not with BEGIN PRIVATE KEY.

Write down the *Assertion Consumer Service URL* and the *Audience URL* that Confluence shows you. You will need them to configure LemonLDAP::NG.

Configure LemonLDAP::NG
~~~~~~~~~~~~~~~~~~~~~~~

In the LemonLDAP::NG Manager, create a new *SAML Service Provider*.

In *Metadata*, copy the following XML document, and don't forget to replace ``AUDIENCE_URL`` and ``CONSUMER_SERVICE_URL`` with the values given by Confluence.

::

    urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified

In *Exported Attributes*, add a new attribute:

* Variable name: the session variable containing user logins
* Attribute name: ``uid``
* Mandatory: ``On``

Finally, in *Options* » *Signature*, set:

* Check SSO message signature: Off
* Check SLO message signature: Off
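The warning in the Confluence section above (paste a ``BEGIN CERTIFICATE`` block, never a ``BEGIN PRIVATE KEY`` block) can be checked before anything is pasted. The following is an added example, not part of the LemonLDAP::NG documentation; the function name ``check_idp_certificate`` and the sample PEM blocks are assumptions constructed for illustration.

```python
import base64
import re

# Matches one PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)


def check_idp_certificate(pasted):
    """Return a list of problems; an empty list means the text is safe to paste."""
    blocks = PEM_BLOCK.findall(pasted)
    if not blocks:
        return ["no PEM block found"]
    problems = []
    for label, body in blocks:
        if "PRIVATE KEY" in label:
            # Covers PRIVATE KEY, RSA PRIVATE KEY, EC PRIVATE KEY, ENCRYPTED PRIVATE KEY.
            problems.append(f"'{label}' block present: never paste this into Confluence")
        elif label != "CERTIFICATE":
            problems.append(f"unexpected '{label}' block: Confluence needs a CERTIFICATE")
        else:
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
            except ValueError:
                problems.append("CERTIFICATE body is not valid base64")
                continue
            if not der.startswith(b"\x30"):  # an X.509 certificate is a DER SEQUENCE
                problems.append("CERTIFICATE body is not a DER SEQUENCE")
    if sum(label == "CERTIFICATE" for label, _ in blocks) != 1:
        problems.append("expected exactly one CERTIFICATE block")
    return problems


def make_pem(label, der):
    """Wrap DER bytes in PEM armour (helper used only to build the samples)."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"


# Constructed placeholders: tiny DER SEQUENCEs, not a real certificate or key.
SAMPLE_CERT = make_pem("CERTIFICATE", bytes.fromhex("3003020100"))
SAMPLE_KEY = make_pem("PRIVATE KEY", bytes.fromhex("3003020100"))

if __name__ == "__main__":
    for name, text in [("cert", SAMPLE_CERT), ("key", SAMPLE_KEY)]:
        print(name, check_idp_certificate(text) or "OK")
```

The check is structural only: it does not confirm that the certificate is the one LemonLDAP::NG signs with, so still compare it against the value shown in the manager.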