Confluence
Presentation
Confluence is a web-based corporate wiki developed by Atlassian.
It is compatible with SAML and OpenID Connect. This tutorial will focus on SAML.
Configuration
You must first configure LemonLDAP::NG as a SAML Identity Provider.
Configure SAML in Confluence
In the SSO configuration page, choose SAML as the authentication method and set the following parameters.
Don't forget to replace auth.example.com with your actual domain.
Single sign on issuer: https://auth.example.com/saml/metadata
Identity provider single sign on URL: https://auth.example.com/saml/singleSignOn
X.509 certificate: You can find this certificate in the manager: SAML2 Service » Security » Signature » Public key
Username mapping attribute: ${uid}
Danger
Make sure the certificate you copy into Confluence starts with BEGIN CERTIFICATE and not with BEGIN PRIVATE KEY.
Write down the Assertion Consumer Service URL and the Audience URL that Confluence shows you; you will need them to configure LemonLDAP::NG.
Configure LemonLDAP::NG
In the LemonLDAP::NG Manager, create a new SAML Service Provider.
In Metadata, copy the following XML document, and don't forget to replace AUDIENCE_URL and CONSUMER_SERVICE_URL with the values given by Confluence.
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="AUDIENCE_URL">
  <md:SPSSODescriptor
      AuthnRequestsSigned="false"
      WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="CONSUMER_SERVICE_URL"
        index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
In Exported Attributes, add a new attribute:
Variable name: the session variable containing user logins
Attribute name: uid
Mandatory: On
Finally, in Options » Signature, set
Check SSO message signature: Off
Check SLO message signature: Off
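As an added pre-flight check that is not part of the LemonLDAP::NG documentation or the project's code: the script below fills the SP metadata template above with the Audience URL and Assertion Consumer Service URL shown by Confluence, verifies that neither placeholder survived and that the ACS still uses the HTTP-POST binding, and confirms that the PEM text destined for the Confluence certificate field is a certificate rather than a private key (the Danger box above). The confluence.example.com URLs and the PEM snippets are constructed sample values.

```python
import xml.etree.ElementTree as ET

NS_MD = "urn:oasis:names:tc:SAML:2.0:metadata"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# The SP metadata template from this page, placeholders still in place.
SP_METADATA_TEMPLATE = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="AUDIENCE_URL">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="CONSUMER_SERVICE_URL" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def build_sp_metadata(audience_url, consumer_service_url):
    """Fill the template with the Audience URL and ACS URL shown by Confluence."""
    return (SP_METADATA_TEMPLATE
            .replace("AUDIENCE_URL", audience_url)
            .replace("CONSUMER_SERVICE_URL", consumer_service_url))

def check_sp_metadata(xml_text):
    """Return a list of problems; an empty list means it is ready to paste into the Manager."""
    problems = [f"placeholder {p} was not replaced"
                for p in ("AUDIENCE_URL", "CONSUMER_SERVICE_URL") if p in xml_text]
    root = ET.fromstring(xml_text)
    acs = root.find(f"{{{NS_MD}}}SPSSODescriptor/{{{NS_MD}}}AssertionConsumerService")
    if acs is None:
        problems.append("no AssertionConsumerService element")
    elif acs.get("Binding") != HTTP_POST:
        problems.append(f"ACS binding must be HTTP-POST, got {acs.get('Binding')!r}")
    elif not acs.get("Location", "").startswith("https://"):
        problems.append(f"ACS Location is not an https URL: {acs.get('Location')!r}")
    return problems

def is_certificate_pem(pem_text):
    """True only if the first PEM line is a certificate header, not a private key header."""
    lines = [l for l in pem_text.strip().splitlines() if l.strip()]
    return bool(lines) and lines[0].strip() == "-----BEGIN CERTIFICATE-----"

if __name__ == "__main__":
    # Constructed sample URLs; use the two values from your Confluence SSO page.
    metadata = build_sp_metadata("https://confluence.example.com/audience-from-confluence",
                                 "https://confluence.example.com/acs-from-confluence")
    print(check_sp_metadata(metadata) or "SP metadata OK")
    print(is_certificate_pem("-----BEGIN PRIVATE KEY-----\nMIIE...\n-----END PRIVATE KEY-----"))
```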