Confluence DC で SSO の設定に利用できる REST API のリスト

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問


プラットフォームについて: Data Center のみ - この記事は、Data Center プラットフォームのアトラシアン製品にのみ適用されます。

この KB は Data Center バージョンの製品用に作成されています。Data Center 固有ではない機能の Data Center KB は、製品のサーバー バージョンでも動作する可能性はありますが、テストは行われていません。サーバー*製品のサポートは 2024 年 2 月 15 日に終了しました。サーバー製品を利用している場合は、アトラシアンのサーバー製品のサポート終了のお知らせページにて移行オプションをご確認ください。

*Fisheye および Crucible は除く

要約

Confluence Data Center is bundled with the SSO for Atlassian Server and Data Center App (Atlassian SSO App), with which administrators can configure SSO authentication using SAML 2.0 or OIDC with the preferred Identity Provider (IdP) supporting these standards.
Check SAML single sign-on for Atlassian Data Center applications for further details about the Atlassian SSO App.

This App has some private REST APIs to allow checking and editing its configuration. This document highlights these APIs and provide examples of usage.
Being private APIs mean they may change without necessarily following the Atlassian REST API policy.

環境

Confluence Data Center 7.13.0

  • Although this document references Confluence, it may be used by administrators of Jira and Bitbucket when configuring SSO.

SSO for Atlassian Server and Data Center 4.2.5

  • These methods were made available since App version 4.2.0.

ソリューション

GET /rest/authconfig/1.0/login-options

Show all enabled authentication options.

CONFLUENCE_PAT='My+PAT'
CONFLUENCE_BASE_URL=https://confluence.pawtucketbrewery.com

curl -s -X GET \
 -H "Authorization: Bearer ${CONFLUENCE_PAT}" \
 -H 'Accept: application/json' \
 ${CONFLUENCE_BASE_URL}'/rest/authconfig/1.0/login-options'
レスポンスの例...
{
  "results": [
    {
      "type": "LOGIN_FORM",
      "id": 0
    },
    {
      "type": "IDP",
      "id": 1,
      "button-text": "Log in with IdP 1",
      "login-link": "https://confluence.pawtucketbrewery.com/plugins/servlet/external-login/1"
    },
    {
      "type": "IDP",
      "id": 2,
      "button-text": "Log in with another IdP",
      "login-link": "https://confluence.pawtucketbrewery.com/plugins/servlet/external-login/2"
    }
  ],
  "size": 3,
  "start": 0,
  "limit": -1,
  "isLastPage": true
}


GET /rest/authconfig/1.0/idps

Get detailed configuration from all IdPs.

CONFLUENCE_PAT='My+PAT'
CONFLUENCE_BASE_URL=https://confluence.pawtucketbrewery.com

curl -s -X GET \
 -H "Authorization: Bearer ${CONFLUENCE_PAT}" \
 -H 'Accept: application/json' \
 ${CONFLUENCE_BASE_URL}'/rest/authconfig/1.0/idps'
レスポンスの例...
{
  "results": [
    {
      "id": 1,
      "name": "SAML SSO",
      "enabled": true,
      "certificate": "MI(...)AHM",
      "sso-type": "SAML",
      "include-customer-logins": false,
      "enable-remember-me": true,
      "last-updated": "2021-09-20T13:12:05.075-03:00",
      "jit-configuration": {
        "user-provisioning-enabled": false,
        "mapping-display-name": "",
        "mapping-email": "",
        "mapping-groups": "",
        "additional-openid-scopes": []
      },
      "button-text": "Log in with IdP 1",
      "idp-type": "GENERIC",
      "sso-url": "https://my.idp.com/27011985/sso/saml",
      "sso-issuer": "https://my.idp.com/27011985",
      "username-attribute": "${NameID}"
    },
    {
      "id": 2,
      "name": "Another SAML SSO",
      "enabled": true,
      "certificate": "MI(...)TM",
      "sso-type": "SAML",
      "include-customer-logins": false,
      "enable-remember-me": true,
      "last-updated": "2021-09-22T11:57:07.392-03:00",
      "jit-configuration": {
        "user-provisioning-enabled": false,
        "mapping-display-name": "",
        "mapping-email": "",
        "mapping-groups": "",
        "additional-openid-scopes": []
      },
      "button-text": "Log in with another IdP",
      "idp-type": "GENERIC",
      "sso-url": "https://another.idp.com/12062019/sso/saml",
      "sso-issuer": "https://another.idp.com/12062019",
      "username-attribute": "${NameID}"
    }
  ],
  "size": 2,
  "start": 0,
  "limit": 50,
  "isLastPage": true
}


POST /rest/authconfig/1.0/idps

Create a new configuration for an IdP.

CONFLUENCE_PAT='My+PAT'
CONFLUENCE_BASE_URL=https://confluence.pawtucketbrewery.com

curl -s -X POST \
 -H "Authorization: Bearer ${CONFLUENCE_PAT}" \
 -H 'content-type: application/json' \
 -H 'Accept: application/json' \
 ${CONFLUENCE_BASE_URL}'/rest/authconfig/1.0/idps' \
 -d '{
  "name": "New SAML SSO",
  "enabled": true,
  "certificate": "(...)",
  "sso-type": "SAML",
  "enable-remember-me": true,
  "button-text": "Log in with the new IdP",
  "idp-type": "GENERIC",
  "sso-url": "https://new.idp.com/12062019/sso/saml",
  "sso-issuer": "https://new.idp.com/12062019",
  "username-attribute": "${NameID}",
  "jit-configuration": {
      "user-provisioning-enabled": false
    }
  }'
レスポンスの例...
{
  "id": 3,
  "name": "New SAML SSO",
  "enabled": true,
  "certificate": "(...)",
  "sso-type": "SAML",
  "include-customer-logins": false,
  "enable-remember-me": true,
  "last-updated": "2021-09-22T20:33:07.55-03:00",
  "jit-configuration": {
    "user-provisioning-enabled": false,
    "mapping-display-name": "",
    "mapping-email": "",
    "mapping-groups": "",
    "additional-openid-scopes": []
  },
  "button-text": "Log in with the new IdP",
  "idp-type": "GENERIC",
  "sso-url": "https://new.idp.com/12062019/sso/saml",
  "sso-issuer": "https://new.idp.com/12062019",
  "username-attribute": "${NameID}"
}


GET /rest/authconfig/1.0/idps/{id}

Get the configuration of an IdP.

CONFLUENCE_PAT='My+PAT'
CONFLUENCE_BASE_URL=https://confluence.pawtucketbrewery.com
CONFLUENCE_SSO_IDP_ID=1

curl -s -X GET \
 -H "Authorization: Bearer ${CONFLUENCE_PAT}" \
 -H 'Accept: application/json' \
 ${CONFLUENCE_BASE_URL}'/rest/authconfig/1.0/idps/'${CONFLUENCE_SSO_IDP_ID}
レスポンスの例...
{
  "id": 1,
  "name": "SAML SSO",
  "enabled": true,
  "certificate": "MI(...)eZ",
  "sso-type": "SAML",
  "include-customer-logins": false,
  "enable-remember-me": true,
  "last-updated": "2021-09-20T13:12:05.075-03:00",
  "jit-configuration": {
    "user-provisioning-enabled": false,
    "mapping-display-name": "",
    "mapping-email": "",
    "mapping-groups": "",
    "additional-openid-scopes": []
  },
  "button-text": "Log in with IdP 1",
  "idp-type": "GENERIC",
  "sso-url": "https://my.idp.com/27011985/sso/saml",
  "sso-issuer": "https://my.idp.com/27011985",
  "username-attribute": "${NameID}"
}


PATCH /rest/authconfig/1.0/idps/{id}

Change one or more attributes in the configuration of an IdP.

CONFLUENCE_PAT='My+PAT'
CONFLUENCE_BASE_URL=https://confluence.pawtucketbrewery.com
CONFLUENCE_SSO_IDP_ID=1

curl -s -X PATCH \
 -H "Authorization: Bearer ${CONFLUENCE_PAT}" \
 -H 'content-type: application/json' \
 -H 'Accept: application/json' \
 ${CONFLUENCE_BASE_URL}'/rest/authconfig/1.0/idps/'${CONFLUENCE_SSO_IDP_ID} \
 -d '{
  "enable-remember-me": false,
  "button-text": "Log in with patched IdP"
  }'
レスポンスの例...
{
  "id": 1,
  "name": "SAML SSO",
  "enabled": true,
  "certificate": "MI(...)eZ",
  "sso-type": "SAML",
  "include-customer-logins": false,
  "enable-remember-me": false,
  "last-updated": "2021-09-22T22:15:24.599-03:00",
  "jit-configuration": {
    "user-provisioning-enabled": false,
    "mapping-display-name": "",
    "mapping-email": "",
    "mapping-groups": "",
    "additional-openid-scopes": []
  },
  "button-text": "Log in with patched IdP",
  "idp-type": "GENERIC",
  "sso-url": "https://my.idp.com/27011985/sso/saml",
  "sso-issuer": "https://my.idp.com/27011985",
  "username-attribute": "${NameID}"
}


DELETE /rest/authconfig/1.0/idps/{id}

Delete one or more attributes in the configuration of an IdP.

CONFLUENCE_PAT='My+PAT'
CONFLUENCE_BASE_URL=https://confluence.pawtucketbrewery.com
CONFLUENCE_SSO_IDP_ID=1

curl -s -X DELETE \
 -H "Authorization: Bearer ${CONFLUENCE_PAT}" \
 ${CONFLUENCE_BASE_URL}'/rest/authconfig/1.0/idps/'${CONFLUENCE_SSO_IDP_ID}


参考情報


最終更新日: 2023 年 10 月 4 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.