Confluence Data Center で SSO を設定するために利用できる REST API のリスト

関連コンテンツ

  • 関連コンテンツがありません

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問


プラットフォームについて: Data Center のみ - この記事は、Data Center プラットフォームのアトラシアン製品にのみ適用されます。

要約

Confluence Data Center is bundled with the SSO for Atlassian Server and Data Center App (Atlassian SSO App), with which administrators can configure SSO authentication using SAML 2.0 or OIDC with the preferred Identity Provider (IdP) supporting these standards.
Check SAML single sign-on for Atlassian Data Center applications for further details about the Atlassian SSO App.

This App has some private REST APIs to allow checking and editing its configuration. This document highlights these APIs and provide examples of usage.
Being private APIs mean they may change without necessarily following the Atlassian REST API policy.

環境

Confluence Data Center 7.13.0

  • Although this document references Confluence, it may be used by administrators of Jira and Bitbucket when configuring SSO.

SSO for Atlassian Server and Data Center 4.2.5

  • These methods were made available since App version 4.2.0.

ソリューション

GET /rest/authconfig/1.0/login-options

Show all enabled authentication options.

CONFLUENCE_PAT='My+PAT'
CONFLUENCE_BASE_URL=https://confluence.pawtucketbrewery.com

curl -s -X GET \
 -H "Authorization: Bearer ${CONFLUENCE_PAT}" \
 -H 'Accept: application/json' \
 ${CONFLUENCE_BASE_URL}'/rest/authconfig/1.0/login-options'
Example response... 
{
  "results": [
    {
      "type": "LOGIN_FORM",
      "id": 0
    },
    {
      "type": "IDP",
      "id": 1,
      "button-text": "Log in with IdP 1",
      "login-link": "https://confluence.pawtucketbrewery.com/plugins/servlet/external-login/1"
    },
    {
      "type": "IDP",
      "id": 2,
      "button-text": "Log in with another IdP",
      "login-link": "https://confluence.pawtucketbrewery.com/plugins/servlet/external-login/2"
    }
  ],
  "size": 3,
  "start": 0,
  "limit": -1,
  "isLastPage": true
}


GET /rest/authconfig/1.0/idps

Get detailed configuration from all IdPs.

CONFLUENCE_PAT='My+PAT'
CONFLUENCE_BASE_URL=https://confluence.pawtucketbrewery.com

curl -s -X GET \
 -H "Authorization: Bearer ${CONFLUENCE_PAT}" \
 -H 'Accept: application/json' \
 ${CONFLUENCE_BASE_URL}'/rest/authconfig/1.0/idps'
Example response... 
{
  "results": [
    {
      "id": 1,
      "name": "SAML SSO",
      "enabled": true,
      "certificate": "MI(...)AHM",
      "sso-type": "SAML",
      "include-customer-logins": false,
      "enable-remember-me": true,
      "last-updated": "2021-09-20T13:12:05.075-03:00",
      "jit-configuration": {
        "user-provisioning-enabled": false,
        "mapping-display-name": "",
        "mapping-email": "",
        "mapping-groups": "",
        "additional-openid-scopes": []
      },
      "button-text": "Log in with IdP 1",
      "idp-type": "GENERIC",
      "sso-url": "https://my.idp.com/27011985/sso/saml",
      "sso-issuer": "https://my.idp.com/27011985",
      "username-attribute": "${NameID}"
    },
    {
      "id": 2,
      "name": "Another SAML SSO",
      "enabled": true,
      "certificate": "MI(...)TM",
      "sso-type": "SAML",
      "include-customer-logins": false,
      "enable-remember-me": true,
      "last-updated": "2021-09-22T11:57:07.392-03:00",
      "jit-configuration": {
        "user-provisioning-enabled": false,
        "mapping-display-name": "",
        "mapping-email": "",
        "mapping-groups": "",
        "additional-openid-scopes": []
      },
      "button-text": "Log in with another IdP",
      "idp-type": "GENERIC",
      "sso-url": "https://another.idp.com/12062019/sso/saml",
      "sso-issuer": "https://another.idp.com/12062019",
      "username-attribute": "${NameID}"
    }
  ],
  "size": 2,
  "start": 0,
  "limit": 50,
  "isLastPage": true
}


POST /rest/authconfig/1.0/idps

Create a new configuration for an IdP.

CONFLUENCE_PAT='My+PAT'
CONFLUENCE_BASE_URL=https://confluence.pawtucketbrewery.com

curl -s -X POST \
 -H "Authorization: Bearer ${CONFLUENCE_PAT}" \
 -H 'content-type: application/json' \
 -H 'Accept: application/json' \
 ${CONFLUENCE_BASE_URL}'/rest/authconfig/1.0/idps' \
 -d '{
  "name": "New SAML SSO",
  "enabled": true,
  "certificate": "(...)",
  "sso-type": "SAML",
  "enable-remember-me": true,
  "button-text": "Log in with the new IdP",
  "idp-type": "GENERIC",
  "sso-url": "https://new.idp.com/12062019/sso/saml",
  "sso-issuer": "https://new.idp.com/12062019",
  "username-attribute": "${NameID}",
  "jit-configuration": {
      "user-provisioning-enabled": false
    }
  }'
Example response... 
{
  "id": 3,
  "name": "New SAML SSO",
  "enabled": true,
  "certificate": "(...)",
  "sso-type": "SAML",
  "include-customer-logins": false,
  "enable-remember-me": true,
  "last-updated": "2021-09-22T20:33:07.55-03:00",
  "jit-configuration": {
    "user-provisioning-enabled": false,
    "mapping-display-name": "",
    "mapping-email": "",
    "mapping-groups": "",
    "additional-openid-scopes": []
  },
  "button-text": "Log in with the new IdP",
  "idp-type": "GENERIC",
  "sso-url": "https://new.idp.com/12062019/sso/saml",
  "sso-issuer": "https://new.idp.com/12062019",
  "username-attribute": "${NameID}"
}


GET /rest/authconfig/1.0/idps/{id}

Get the configuration of an IdP.

CONFLUENCE_PAT='My+PAT'
CONFLUENCE_BASE_URL=https://confluence.pawtucketbrewery.com
CONFLUENCE_SSO_IDP_ID=1

curl -s -X GET \
 -H "Authorization: Bearer ${CONFLUENCE_PAT}" \
 -H 'Accept: application/json' \
 ${CONFLUENCE_BASE_URL}'/rest/authconfig/1.0/idps/'${CONFLUENCE_SSO_IDP_ID}
Example response... 
{
  "id": 1,
  "name": "SAML SSO",
  "enabled": true,
  "certificate": "MI(...)eZ",
  "sso-type": "SAML",
  "include-customer-logins": false,
  "enable-remember-me": true,
  "last-updated": "2021-09-20T13:12:05.075-03:00",
  "jit-configuration": {
    "user-provisioning-enabled": false,
    "mapping-display-name": "",
    "mapping-email": "",
    "mapping-groups": "",
    "additional-openid-scopes": []
  },
  "button-text": "Log in with IdP 1",
  "idp-type": "GENERIC",
  "sso-url": "https://my.idp.com/27011985/sso/saml",
  "sso-issuer": "https://my.idp.com/27011985",
  "username-attribute": "${NameID}"
}


PATCH /rest/authconfig/1.0/idps/{id}

Change one or more attributes in the configuration of an IdP.

CONFLUENCE_PAT='My+PAT'
CONFLUENCE_BASE_URL=https://confluence.pawtucketbrewery.com
CONFLUENCE_SSO_IDP_ID=1

curl -s -X PATCH \
 -H "Authorization: Bearer ${CONFLUENCE_PAT}" \
 -H 'content-type: application/json' \
 -H 'Accept: application/json' \
 ${CONFLUENCE_BASE_URL}'/rest/authconfig/1.0/idps/'${CONFLUENCE_SSO_IDP_ID} \
 -d '{
  "enable-remember-me": false,
  "button-text": "Log in with patched IdP"
  }'
Example response... 
{
  "id": 1,
  "name": "SAML SSO",
  "enabled": true,
  "certificate": "MI(...)eZ",
  "sso-type": "SAML",
  "include-customer-logins": false,
  "enable-remember-me": false,
  "last-updated": "2021-09-22T22:15:24.599-03:00",
  "jit-configuration": {
    "user-provisioning-enabled": false,
    "mapping-display-name": "",
    "mapping-email": "",
    "mapping-groups": "",
    "additional-openid-scopes": []
  },
  "button-text": "Log in with patched IdP",
  "idp-type": "GENERIC",
  "sso-url": "https://my.idp.com/27011985/sso/saml",
  "sso-issuer": "https://my.idp.com/27011985",
  "username-attribute": "${NameID}"
}


DELETE /rest/authconfig/1.0/idps/{id}

Delete one or more attributes in the configuration of an IdP.

CONFLUENCE_PAT='My+PAT'
CONFLUENCE_BASE_URL=https://confluence.pawtucketbrewery.com
CONFLUENCE_SSO_IDP_ID=1

curl -s -X DELETE \
 -H "Authorization: Bearer ${CONFLUENCE_PAT}" \
 ${CONFLUENCE_BASE_URL}'/rest/authconfig/1.0/idps/'${CONFLUENCE_SSO_IDP_ID}


参考情報

SSO for Atlassian Server and Data Center

SSO for Atlassian Data Center and Server applications

Atlassian REST API policy

Atlassian REST API Browser



最終更新日 2021 年 9 月 30 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する

関連コンテンツ

  • 関連コンテンツがありません
Powered by Confluence and Scroll Viewport.