Note : The information contained on this page does not create a joint venture, partnership, agency or other form of association, or an express or implied license grant by either party to the other under any patent, trademark, copyright, trade secret or other intellectual property right.
About OAuth 2.0:
OAuth 2.0 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service, such as Facebook, Google, and Windows. It works by delegating user authentication to the service that hosts the user account, and authorizing third-party applications to access the user account. OAuth 2 provides authorization flows for web and desktop applications, and mobile devices.
How miniOrange OAuth Client add-on works?
Confluence OAuth Client add-on:
OAuth Client for Confluence allows users to sign into Confluence with your custom OAuth 2.0 compliant client, such as Google, Facebook, Windows, Slack, Discord, Gitlab and Meetup. OAuth Client for Confluence acts as an OAuth 2.0 Service Provider and securely authenticates users with your OAuth 2.0 Identity Provider.
Features of miniOrange OAuth Client addon for Confluence:
|Features||miniOrange OAuth Client Add-on|
|Custom OAuth Providers||Allows you to configure any custom OAuth provider that supports OAuth 2.0 protocol.|
|Attribute Mapping||Attribute Mapping helps you to get user attributes from your IdP and map them to Confluence user attributes.|
|Group Mapping||Group Mapping allows you to assign roles to auto-created users in Confluence according to their Roles/Groups in IdP|
|Domain Restriction||Allow users to login to specific domains. You can map multiple domains at a time.|
|Test Configurations||Allows you to quickly make sure that configurations are right and the OAuth provider returns the reqested user attributes.|
|Unlimited Authentication||Perform unlimited authentication.|
|Add OAuth Login Button on your site||Add custom button on SP's login page to perform corporate login.|
|Support||Immediate response and support form in each plugin to ease query submission process.|
Popular OAuth Providers:
Below are some of the details you will need to configure your OAuth Provider in the Confluence OAuth Client add-on.
- Scope: email
- Authorize Endpoint: https://accounts.google.com/o/oauth2/auth
- Access Token Endpoint: https://www.googleapis.com/oauth2/v3/token
- User Info Endpoint: https://www.googleapis.com/oauth2/v1/userinfo?alt=json&access_token=
- Scope: email
- Authorize Endpoint: https://www.facebook.com/dialog/oauth
- Access Token Endpoint: https://graph.facebook.com/v2.8/oauth/access_token
- User Info Endpoint: https://graph.facebook.com/me/?fields=id,name,email,age_range,first_name,gender,last_name,link&access_token=
- Scope: User.Read
- Authorize Endpoint: https://login.live.com/oauth20_authorize.srf
- Access Token Endpoint: https://login.live.com/oauth20_token.srf
- User Info Endpoint: https://apis.live.net/v5.0/me
- Scope: identity.basic,identity.email,identity.team,identity.avatar
- Authorize Endpoint: https://slack.com/oauth/authorize
- Access Token Endpoint: https://slack.com/api/oauth.access
- User Info Endpoint: https://slack.com/api/users.identity?token=
- Scope: email
- Authorize Endpoint: https://discordapp.com/api/oauth2/authorize
- Access Token Endpoint: https://discordapp.com/api/oauth2/token
- User Info Endpoint: https://discordapp.com/api/users/@me
- Scope: email
- Authorize Endpoint: https://gitlab.com/oauth/authorize
- Access Token Endpoint: https://gitlab.com/oauth/token
- User Info Endpoint: https://gitlab.com/api/v4/user
- Scope: email
- Authorize Endpoint: https://secure.meetup.com/oauth2/authorize
- Access Token Endpoint: https://secure.meetup.com/oauth2/access
- User Info Endpoint: https://api.meetup.com/2/member/self/
Other OAuth Providers we support
- Other OAuth Providers the add-on supports includes Foursquare, Harvest, Mailchimp, Bitrix24, Spotify, Vkontakte, Huddle, Reddit, Strava, Ustream, Yammer, RunKeeper, Instagram, SoundCloud, Pocket, PayPal, Pinterest, Vimeo, Nest, Heroku, DropBox, Buffer, Box, Hubic, Deezer, DeviantArt, Delicious, Dailymotion, Bitly, Mondo, Netatmo, Amazon, WHMCS etc.
Follow the Step-by-Step Guide given below for Atlassian Confluence Single Sign On (SSO) using OAuth
Step 1: Download and installation
- Login as administrator in Confluence.
- Click the admin dropdown and choose Add-ons.
- The Manage add-ons screen loads.
- Click Find new add-ons from the left-hand side of the page.
- Locate OAuth Client for Confluence via search.
- Results include add-on versions compatible with your Confluence instance.
- Click Install to download the add-on.
Step 2: Configure the OAuth Provider
- Click on Configure button after installing the add-on.
- Configure your OAuth Provider.
- If your OAuth Provider is Google, Facebook, Slack, Discord, Windows, Gitlab or Meetup then select your OAuth Provider from Select Application dropdown menu else Select Custom App.
- Enter the Client ID and Client Secret from the app configured in the OAuth Provider.
- If you are using Custom OAuth provider, enter the Authorize endpoint URL, Access Token endpoint URL, User Info endpoint URL of the OAuth Provider.
- To fetch group info of the user, enter Group Info endpoint URL. (optional)
- You can contact us at firstname.lastname@example.org, if you need any help in fetching endpoints from your OAuth Provider.
- If your OAuth provider requires the callback URL to be configured at its end, then configure the URL mentioned in Callback URL field.
- Following is the screenshot for Custom App as your OAuth Provider:
Step 3: Test Configuration
- Click on the Test Configuration button to perform OAuth requests and fetch user attributes from the OAuth Provider.
- The below screenshot shows successful test result.
- This screenshot shows the user attributes that are received.
- This screenshot shows the group attributes that are received. (If you have configured group info enpoint.)
Step 4: Attribute mapping (optional)
- Attribute Mapping helps you to get user attributes from your IdP and map them to Confluence user attributes.
- Please refer to attributes received in successful Test configuration and use them for Attribute Mapping.
- Enabling Disable Attribute Mapping checkbox will disable attribute mapping for existing users. New users will be created with attribute mapping defined.
- Username and email can be mapped depending upon the attribute name mentioned in the field.
- Also Full Name or Separate Name(i.e First and Last Name)attributes are given as options according to Confluence user attributes
- While auto registering the users, these attributes will automatically get mapped to your Confluence user details.
Step 5: Group mapping (optional)
- Confluence plugin maps groups from your OAuth Provider to groups in Confluence.
- Confluence uses a concept of Groups, designed to give the site owner the ability to control what groups can and cannot do within the site.
- In Group Attribute enter the attribute name given against group value of Test Configuration for the user.
- Clicking Restrict User Creation checkbox will allow user creation for only those groups whose group is mapped to Confluence groups in Group Mapping tab. If unchecked, users whose groups are not mapped to Confluence groups, they will not be allowed to login to Confluence.
- Enabling Disable Group Mapping checkbox will disable group mapping for existing users. New users will be created with the Default Group or the group assigned to them in mapping.
- Confluence has two pre-defined groups where users are mapped: Confluence-administrator and Confluence-users.
- Group mapping helps you to assign specific groups to users of a Confluence group from your OAuth Provider.
Step 6: OAuth Sign In Settings
There are different ways to login to your Atlassian Confluence Website.
- Login Button Text make your organization's SSO easy for Confluence users to recognize. This login button will appear on Confluence login page.
- Set Relay State to redirect all users to a particular URL after SSO login. (optional)
- If you want to allow users to login of specific domains only, then you can map them in Allowed Domains. To allow multiple domains, mention domain names by semicolon(;) separated in the field. (optional)
For further details refer :