Forge: enabling SAML
The content on this page relates to platforms which are not supported by Atlassian. Consequently, Atlassian cannot guarantee providing any support for it. Please be aware that this material is provided for your information only and using it is done so at your own risk.
To enable SAML in Forge:
- Enter your SAML metadata URL in the template. If Forge has already been deployed, scale the node group down to 0 and back up to 1 so that a fresh node is created with the SAML configuration.
- Edit /home/forge/atl-cfn-forge/permissions.json on the node to add your groups and configure their permissions. The shipped file is an example only; use the group names from your own directory, which must match the values your IdP sends in the memberOf attribute (see below).
When configuring SAML with your Identity Provider (IDP) the following attributes need to be set:
- User.Email
- User.firstName
- User.lastName
Example SAML response for a user:
<Attribute Name="User.Email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <AttributeValue>you@your_company.com</AttributeValue>
</Attribute>
For groups, the memberOf attribute needs to be set, with one AttributeValue per group.
Example SAML response for a group:
<Attribute Name="memberOf" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <AttributeValue>my_group1</AttributeValue>
    <AttributeValue>my_group2</AttributeValue>
</Attribute>
The SAML response should also contain the following. As with any SAML service provider, the node rejects an assertion whose Destination, Audience or Recipient does not match its own URLs, so these values must match your node's URL exactly (scheme, host and trailing slash):
setSubjectName = my_username
setHttpDestination = https://my_node.my_company.com/saml/acs/
setAudience = https://my_node.my_company.com/
setRecipient = https://my_node.my_company.com/saml/acs/
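As an added example (not part of the Atlassian page or the atl-cfn-forge project), the script below parses a constructed SAML Response containing the attributes listed above and checks that the Subject, Destination, Audience, Recipient, user attributes and memberOf groups are all present and match the node URL. The node URL, IdP issuer and attribute values are made-up placeholders. It checks content only; signature validation is left to the node's SAML library, so run this against responses you already trust (for example, a decoded response from your IdP's test tool).

```python
"""Check a SAML Response for the attributes and URLs Forge expects.

Added example, not project code. Content checks only: the XML signature is
NOT verified here. For untrusted input, parse with defusedxml instead of
xml.etree to avoid entity-expansion attacks.
"""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
REQUIRED_USER_ATTRS = ("User.Email", "User.firstName", "User.lastName")
GROUP_ATTR = "memberOf"
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"

# Constructed sample for a hypothetical node; every value below is made up.
NODE_URL = "https://my_node.my_company.com/"
ACS_URL = NODE_URL + "saml/acs/"
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_r1" Version="2.0" IssueInstant="2020-01-01T00:00:00Z" Destination="{ACS_URL}">
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2020-01-01T00:00:00Z">
    <saml:Issuer>https://idp.my_company.com/</saml:Issuer>
    <saml:Subject>
      <saml:NameID>my_username</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{ACS_URL}" NotOnOrAfter="2020-01-01T00:05:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction><saml:Audience>{NODE_URL}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="User.Email" NameFormat="{BASIC}">
        <saml:AttributeValue>you@your_company.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="User.firstName" NameFormat="{BASIC}">
        <saml:AttributeValue>Jane</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="User.lastName" NameFormat="{BASIC}">
        <saml:AttributeValue>Doe</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="memberOf" NameFormat="{BASIC}">
        <saml:AttributeValue>my_group1</saml:AttributeValue>
        <saml:AttributeValue>my_group2</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

# Same response with the Audience pointing at a different SP: must be rejected.
BAD_AUDIENCE_RESPONSE = SAMPLE_RESPONSE.replace(
    f"<saml:Audience>{NODE_URL}", "<saml:Audience>https://other.example.com/")


def parse_attributes(xml_text):
    """Map each Attribute Name to its list of AttributeValue strings."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = values
    return attrs


def extract_user(xml_text):
    """Return the identity Forge would read: username, email, names, groups."""
    root = ET.fromstring(xml_text)
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    attrs = parse_attributes(xml_text)
    first = lambda key: (attrs.get(key) or [None])[0]
    return {
        "username": name_id.text if name_id is not None else None,
        "email": first("User.Email"),
        "first_name": first("User.firstName"),
        "last_name": first("User.lastName"),
        "groups": attrs.get(GROUP_ATTR, []),
    }


def check_response(xml_text, node_url):
    """Return a list of problems; an empty list means the response matches the node."""
    root = ET.fromstring(xml_text)
    acs_url = node_url + "saml/acs/"
    problems = []
    # Destination (on the Response) and Recipient (on SubjectConfirmationData)
    # must both be the ACS URL; Audience must be the node base URL.
    if root.get("Destination") != acs_url:
        problems.append(f"Destination is {root.get('Destination')!r}, expected {acs_url!r}")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        problems.append(f"Recipient does not match {acs_url!r}")
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if node_url not in audiences:
        problems.append(f"Audience {audiences!r} does not include {node_url!r}")
    user = extract_user(xml_text)
    if not user["username"]:
        problems.append("Subject NameID is missing")
    for key in REQUIRED_USER_ATTRS:
        if not parse_attributes(xml_text).get(key):
            problems.append(f"attribute {key} is missing or empty")
    if not user["groups"]:
        problems.append(f"attribute {GROUP_ATTR} is missing or empty")
    return problems


if __name__ == "__main__":
    print(extract_user(SAMPLE_RESPONSE))
    print("good response:", check_response(SAMPLE_RESPONSE, NODE_URL) or "OK")
    print("bad audience:", check_response(BAD_AUDIENCE_RESPONSE, NODE_URL))
```

To check a real response, base64-decode the SAMLResponse form field your IdP posts to /saml/acs/ and pass the XML to check_response together with your node's base URL; any non-empty result points at the attribute or URL to fix in the IdP configuration.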