The final step to linking the two systems is to configure the Seraph file within the Atlassian product.
-
Backup the existing seraph-config.xml. It’s crucial to perform this step, because if
there is an issue with your configuration you may need to restore this file to get back
into your Atlassian server. This file can be located at:
- For Confluence:
<Atlassian Installation Directory>/Confluence/confluence/WEB-INF/classes
- For Jira:
<Atlassian Installation Directory>/Jira/atlassian-jira/WEB-INF/classes
- For Confluence:
-
Open
seraph-config.xml
in your favorite editor. -
Change the param-value of
login.url
andlink.login.url
to:https://<pf_host>:<pf_port>/sp/startSSO.ping?PartnerIdpId=
<idp_connection_entity_id>&SpSessionAuthnAdapterId=
<sp_refid_adapter_instance_id>&TARGET=${originalurl}
pf_host
: The PingFederate hostpf_port
: The PingFederate port. This should be the same value that was specified for the secondary SSL port in the Mutual SSL authenticationidp_connection_entity_id
: The Partner Entity ID for the IdP connection (found under General Info section of the IdP Connection).sp_refid_adapter_instance_id
: The Instance ID for the SP Reference ID adapter.Note: This value determines where the user is redirected to in step 2 of Overview of the SSO flow.Important: The values forlogin.url
andlink.login.url
must be URL-encoded and HTML-escaped. -
Change the authenticator class:
- For Confluence, remove this
line:
<authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>
Add this line:
<authenticator class="com.pingidentity.adapters.atlassian.confluence.PFConfluenceAuthenticator"/>
- For Jira, remove this line:
<authenticator class="com.atlassian.jira.security.login.JiraSeraphAuthenticator"/>
Add this line:<authenticator class="com.pingidentity.adapters.atlassian.jira.PFJiraAuthenticator"/>
- For Confluence, remove this
line:
-
Save the
seraph-config.xml
. -
For Jira, follow these additional steps:
- Open <Atlassian Installation Directory>/Jira/atlassian-jira/WEB-INF/classes/jira-application.properties
-
Disable the login gadget.
jira.disable.login.gadget=true
- Save the file.