The following table details the required and optional attributes to be configured in the assertion attribute contract.
| Attribute Name | Description | Required / Optional |
|---|---|---|
| SAML_SUBJECT | Username | Required |

  1. Create a PingFederate SP Connection for Jira/Confluence.
    Note: The following configuration is untested and is provided as an example. Additional steps might be required.

    1. Sign on to the Atlassian application as an administrator and go to Administration > System > SAML Authentication.
    2. Select SAML Single Sign On and note the Audience URL (Entity ID) and Assertion Consumer Service URL values.
    3. Download the signing certificate.
    4. Sign on to the PingFederate administrative console.
    5. Using the details retrieved from the Atlassian application UI:
      1. Configure using Browser SSO profile SAML 2.0.
      2. Enable IdP-Initiated SSO and SP Initiated SSO.
      3. In Assertion Creation: Attribute Contract, set the Subject Name Format to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.
      4. In the Assertion Creation: Attribute Contract Fulfilment, map the attribute SAML_SUBJECT to the attribute username.
      5. In Protocol Settings: Allowable SAML Bindings, enable Post and Redirect.
    6. Export the metadata for the newly-created SP connection.
    7. Export the signing certificate public key.
  2. Configure the PingFederate IdP connection for Jira/Confluence on-premises:
    1. Sign on to the Atlassian application as an administrator and go to Administration > System > SAML Authentication.
    2. Select SAML Single Sign-On.
    3. Configure the following.
      | Setting | Value |
      |---|---|
      | Single sign-on issuer | The issuer ID for your PingFederate instance. You can retrieve this from the metadata that you downloaded. |
      | Identity provider single sign-on URL | The PingFederate SingleSignOnService URL. You can retrieve this from the metadata that you downloaded. For example, https://<hostname>:<port>/idp/SSO.saml2 |
      | X509 Certificate | Upload the PingFederate signing public certificate. |
      | Login Mode | Choose whether SAML is primary or secondary authentication. |

      Configuration is complete.