How to remove the HTTPS requirement for SAML 2.0 SSO integration
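Platform notice: Data Center - This article applies to Atlassian products on the Data Center platform.
This knowledge base article was created for the Data Center version of the product. Data Center knowledge base articles for features that are not Data Center specific may also work for Server versions of the product, but they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, see the Atlassian Server end of support announcement page for your migration options.
*Except Fisheye and Crucible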
Problem
You want to test a SAML configuration in a dev or test environment that is not secured with HTTPS, but cannot, because Data Center requires HTTPS before SAML config can be enabled.
Environment
- Confluence Data Center 6.x and later
- Jira Data Center 7.x and later
- SSO for Atlassian Server and Data Center plugin
Cause
HTTPS is required by default to configure SAML.
Because the SAML protocol is browser-based, both the product and the Identity Provider must use HTTPS (rather than HTTP) to prevent man-in-the-middle attacks and the capture of XML documents containing SAML assertions.
It's possible to allow non-HTTPS setups by following one of the workarounds below. This is not secure and shouldn't be used except for testing.
Workaround 1
Via startup property:
Set one of the following parameters as a system property, according to the version of the SSO for Atlassian Server and Data Center plugin you have installed.
-Datlassian.darkfeature.atlassian.authentication.saml.sso.skip.https.requirement=true
-Datlassian.darkfeature.atlassian.authentication.sso.skip.https.requirement=true
Restart Jira/Confluence for the change to take effect.
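Because this setting is for testing only, it is worth checking that it has not been carried into a production startup script. The following is an added example, not Atlassian code: a shell function that reads JVM option text on stdin and reports either property above when it is set to true. The sample script lines and the `CATALINA_OPTS` variable in them are constructed for illustration.

```shell
#!/bin/sh
# Added audit example: detect the HTTPS-skip system properties from this article.
# The two property names come from the article; everything else is an assumption.
SKIP_HTTPS_PROP_RE='atlassian\.darkfeature\.atlassian\.authentication\.(saml\.)?sso\.skip\.https\.requirement'

# find_https_skip: reads startup-script or command-line text on stdin.
# Prints each matching -D option; returns 0 if any is set to true, 1 otherwise.
find_https_skip() {
  # 1. Drop shell comments so a commented-out option is not reported.
  # 2. Split on whitespace and quotes so each JVM option is its own line.
  # 3. Whole-token match; -i so that "=TRUE" is reported as well.
  hits=$(sed -E 's/(^|[[:space:]])#.*$//' \
    | tr -s "[:space:]\"'" '\n' \
    | grep -Eix -e "-D${SKIP_HTTPS_PROP_RE}=true" || true)
  [ -n "$hits" ] && printf '%s\n' "$hits"
}

# Constructed sample of a startup script fragment (not taken from a real install).
sample_setenv() {
cat <<'EOF'
# -Datlassian.darkfeature.atlassian.authentication.sso.skip.https.requirement=true
CATALINA_OPTS="-Xms1g -Xmx4g ${CATALINA_OPTS}"
CATALINA_OPTS="-Datlassian.darkfeature.atlassian.authentication.saml.sso.skip.https.requirement=true ${CATALINA_OPTS}"
EOF
}

# Demo on the constructed sample; in practice pipe in the real startup script.
if sample_setenv | find_https_skip; then
  echo "WARNING: SAML HTTPS requirement is disabled by a startup property" >&2
fi
```

A flag added through the dark features page is not a JVM option and will not show up in this check; review that page separately.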
Workaround 2
Via dark feature page:
- Visit the dark features page on Confluence or Jira.
  - Confluence:
    <Confluence_URL>/admin/darkfeatures.action
  - Jira:
    <Jira_URL>/secure/admin/SiteDarkFeatures!default.jspa
- Add one of the following dark features, according to the version of the SSO for Atlassian Server and Data Center plugin you have installed.
atlassian.authentication.saml.sso.skip.https.requirement
atlassian.authentication.sso.skip.https.requirement