Atlassian

Configuring Seraph

About this task

The final step to linking the two systems is to configure the Seraph file within the Atlassian product.

Steps

  1. Backup the existing seraph-config.xml. It’s crucial to perform this step, because if there is an issue with your configuration you may need to restore this file to get back into your Atlassian server. This file can be located at:

    Choose from:

    • For Confluence:

      <Atlassian Installation Directory>/Confluence/confluence/WEB-INF/classes

    • For Jira:

      <Atlassian Installation Directory>/Jira/atlassian-jira/WEB-INF/classes

  2. Open seraph-config.xml in your favorite editor.

  3. Change the param-value of login.url and link.login.url to:

    https://<pf_host>:<pf_port>/sp/startSSO.ping?PartnerIdpId=

    <idp_connection_entity_id>&SpSessionAuthnAdapterId=

    <sp_refid_adapter_instance_id>&TARGET=${originalurl}

    pf_host: The PingFederate host

    pf_port: The PingFederate port. This should be the same value that was specified for the secondary SSL port in the Mutual SSL authentication

    idp_connection_entity_id: The Partner Entity ID for the IdP connection (found under General Info section of the IdP Connection).

    sp_refid_adapter_instance_id: The Instance ID for the SP Reference ID adapter.

    This value determines where the user is redirected to in step 2 of Overview of the SSO flow.

    The values for login.url and link.login.url must be URL-encoded and HTML-escaped.

  4. Change the authenticator class:

    Choose from:

    • For Confluence, remove this line:

      <authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>

      Add this line:

      <authenticator class="com.pingidentity.adapters.atlassian.confluence.PFConfluenceAuthenticator"/>

    • For Jira, remove this line:

      <authenticator class="com.atlassian.jira.security.login.JiraSeraphAuthenticator"/>

      Add this line:

      <authenticator class="com.pingidentity.adapters.atlassian.jira.PFJiraAuthenticator"/>

  5. Save the seraph-config.xml.

  6. For Jira, follow these additional steps:

    1. Open <Atlassian Installation Directory>/Jira/atlassian-jira/WEB-INF/classes/jira-application.properties

    2. Disable the login gadget.

      jira.disable.login.gadget=true

    3. Save the file.