Forge: enabling SAML

The content on this page relates to platforms which are not supported by Atlassian. Consequently, Atlassian cannot guarantee support for it. Please be aware that this material is provided for your information only and that you use it at your own risk.


To enable SAML in Forge:

  1. Enter your SAML metadata URL in the template. If Forge has already been deployed, spin down to 0 and back up to 1 node to create a new node with the SAML configuration.
  2. Edit /home/forge/atl-cfn-forge/permissions.json on the node to add your groups, and configure their permissions. This file is provided as an example only - you can use any group name in your directory.


When configuring SAML with your Identity Provider (IdP), the following attributes need to be set:

User.Email
User.firstName
User.lastName

Example SAML response for a user:

<Attribute Name="User.Email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <AttributeValue>you@your_company.com</AttributeValue>
</Attribute>


For the groups, memberOf needs to be set.

Example SAML response for a group:

<Attribute Name="memberOf" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <AttributeValue>my_group1</AttributeValue>
    <AttributeValue>my_group2</AttributeValue>
</Attribute>


The SAML response should also contain the following:

setSubjectName = my_username 
setHttpDestination = https://my_node.my_company.com/saml/acs/
setAudience = https://my_node.my_company.com/
setRecipient = https://my_node.my_company.com/saml/acs/
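
To confirm that an IdP sends everything listed above, a decoded response can be checked offline before it is pointed at a Forge node. The script below is an added example, not part of the original page or of Forge itself. It assumes the set* names map onto the standard SAML 2.0 elements named in its comments, runs on a constructed sample response, and checks field presence and values only, not signatures.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("User.Email", "User.firstName", "User.lastName", "memberOf")
NODE = "https://my_node.my_company.com/"  # placeholder node URL used on this page

def check_response(xml_text, node_url=NODE):
    """Return a list of problems; an empty list means every listed field is set."""
    root = ET.fromstring(xml_text)  # root is expected to be <samlp:Response>
    acs, problems, attrs = node_url + "saml/acs/", [], {}
    for attr in root.iterfind(".//a:Attribute", NS):
        vals = [v.text.strip() for v in attr.iterfind("a:AttributeValue", NS)
                if v.text and v.text.strip()]  # empty values do not count
        attrs.setdefault(attr.get("Name"), []).extend(vals)
    problems += [f"attribute {n} missing or empty" for n in REQUIRED if not attrs.get(n)]
    # Assumed mapping: setSubjectName -> NameID, setHttpDestination -> Response/@Destination,
    # setRecipient -> SubjectConfirmationData/@Recipient, setAudience -> Audience.
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("subject name (NameID) missing")
    if root.get("Destination") != acs:
        problems.append(f"Destination is not {acs}")
    if acs not in [d.get("Recipient") for d in root.iterfind(".//a:SubjectConfirmationData", NS)]:
        problems.append(f"Recipient is not {acs}")
    if node_url not in [(e.text or "").strip() for e in root.iterfind(".//a:Audience", NS)]:
        problems.append(f"Audience is not {node_url}")
    return problems

# Constructed sample response (unsigned, trimmed); User.lastName is left out on purpose.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://my_node.my_company.com/saml/acs/">
 <saml:Assertion>
  <saml:Subject><saml:NameID>my_username</saml:NameID><saml:SubjectConfirmation>
   <saml:SubjectConfirmationData Recipient="https://my_node.my_company.com/saml/acs/"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>https://my_node.my_company.com/</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
   <saml:Attribute Name="User.Email"><saml:AttributeValue>you@your_company.com</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="User.firstName"><saml:AttributeValue>Your</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="memberOf"><saml:AttributeValue>my_group1</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print(check_response(SAMPLE))
```

An empty list means the response carries every attribute and field this page lists for the given node URL.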

Last updated: August 31, 2018
