Atlassian Cloud SSO (Single Sign-On) for WSO2 using OAuth Provider

Atlassian Cloud OAuth Single Sign-On (SSO) with WSO2

With Jira OAuth Single Sign-On (SSO) for Atlassian Cloud, you can securely log in to Atlassian Cloud using your WSO2 credentials. This app allows you to implement seamless Single Sign-On (SSO) for Atlassian Cloud accounts using existing WSO2 credentials.

    Try it for free

Pre-requisites

  1. Atlassian Guard (Atlassian Access) Subscription:
    Atlassian Guard is an additional subscription applied across the Atlassian Cloud products, like Jira Software, Jira Service Management, Jira Work Management, Confluence, and Bitbucket. It is needed for Single Sign-On (SSO) or any Cloud Service across Atlassian Cloud products.
  2. Domain Verification:
    Atlassian Guard requires the Domain Verification process to enforce SSO on the managed user accounts. This process verifies that you own a valid domain for managing the user accounts and use the same domain name for the email addresses.

Download and Installation

  • Log in to your Atlassian Admin Console and select your site.
  • Now, in the left sidebar, scroll down to the Apps section. Under Apps, select Site, which will open the site settings page.
  • In the Site Settings, navigate to Connected Apps → Explore apps. (Alternatively, you can go to the Atlassian Marketplace and search for the app.)
  • Search for miniOrange OAuth/OpenID SSO.
  • Click “Try it free” to begin a new trial of the app.
  • On the top menu bar, go to Apps.
  • Locate the “mO Jira OAuth/OpenID SSO” app and click to open it.

In this guide, we will demonstrate the setup in three parts:

  1. Configure OAuth SSO connection between miniOrange App (as OAuth Client) and WSO2 (as OAuth Provider).
  2. Configure SAML SSO connection between Atlassian Guard (as SP) and miniOrange App (as IDP).
  3. Add users to the SSO Authentication policy, and enforce the SSO.

Step 1. Configure SSO connection between miniOrange App with WSO2

  • Once the plugin is installed, select the Apps section from the sidebar menu and click on mO Jira OAuth/OIDC SSO option.
    • Jira app main menu with the Apps section open and the mO Jira OAuth/OIDC SSO app highlighted
  • Next, you will be prompted with a welcome pop-up window. Click Start Configuration.
    • Welcome window of mO Jira OAuth/OIDC SSO app.
  • Now, in the Configured Providers section, click the "Add Provider" button.
    • Configured providers section in the mO Jira OAuth/OIDC SSO app
  • Select WSO2 as the application.
  • And copy the callback URL from the OAuth / OIDC Provider Configurations page and keep it handy, as you'll need it to configure WSO2 as the OAuth provider.
    • OAuth / OIDC Provider Configurations tab in the mO Jira OAuth/OIDC SSO app

Part 1. Setup WSO2 as IDP

  • First, let’s register this Consumer App in WSO2 IS. Download and start WSO2 IS.
    • WSO2 sign in page
  • Once logged in, go to Main -> Service Provider and click on Add.
    • WSO2 service providers section with Add button highlighted
  • Enter the Service Provider Name and Description and click on Register.
    • WSO2 add new service provider page with Service Provider Name and Description fields highlighted
  • Now go to the Service Provider -> List and edit the Service Provider you have created.
  • Scroll down and select Inbound Authentication Configuration and then select OAuth/OpenID Connect Configuration and click on Configure.
    • WSO2 service providers configure page with Inbound Authentication Configuration and OAuth/OpenID Connect Configuration buttons highlighted
  • You will get the Callback URL/Redirect URL from Step 2.
  • Copy the Callback URL and paste it in the field. Click on Add.
    • WSO2 register new application page with Callback URL field highlighted
  • When the app has been added, Client ID and Client Secret are generated for the application. Configure the WordPress OAuth SSO plugin with Client ID, Client Secret, Authentication and Access Token, Get User Info Endpoint of WSO2. Endpoints are provided at the bottom of this guide.
    • WSO2 OAuth client key and secret page with Client ID and Client Secret fields highlighted
  • Attribute Mapping: To get attributes from WSO2 you have to add the following Claim URIs in your WSO2 application.
  • Go to Service Provider->Claim Configuration.
  • Select https://wso2.org/claims/emailaddress from Subject Claim URI dropdown.
  • Add following URIs in Service Provider Claim Dialect: https://wso2.org/oidc/claim & https://wso2.org/claims
    • WSO2 claim configuration page with Subject Claim URI and Service Provider Claim Dialect fields highlighted
  • You have successfully completed your WSO2 Server side configurations.

Part 2. Setup miniOrange as Service Provider

  • Go to miniOrange Admin Console.
  • From the left navigation bar select Identity Provider.
    • miniOrange Identity Provider section with Add New IDP button highlighted
  • Select the OAuth tab.
    • miniOrange add new IDP page with OAuth tab selected
  • Enter the following values.
IdP Name Custom Provider
IdP Display Name Choose appropriate Name
OAuth Authorize Endpoint https://<wso2-app-domain>/oauth2/authorize
OAuth Access Token Endpoint https://<wso2-app-domain>/oauth2/token
OAuth Get User Info Endpoint (optional) https://<wso2-app-domain>/oauth2/userinfo
Client ID From Part 1
Client secret From Part 1
Scope openid

Part 3. Test connection between miniOrange and WSO2

  • Go to the miniOrange Admin Dashboard.
  • Go to Identity Providers tab. Then click on the select button under the app you just created. Then click on Test Connection.
  • A new popup login window will open. Enter your credentials and login.
    • miniOrange view IDPs test connection page with Test Connection button highlighted
  • Next, return to the miniOrange App configuration page. (OAuth / OIDC Provider Configurations )
  • Enter Client ID, Client Secret, Scopes (such as openid, email, etc.), and other required endpoints, and click Save Configuration.
    • mO Jira OAuth/OIDC SSO app configuration page where Client ID, Client Secret, Scopes, and other required endpoints can be entered

Step 2. Set up SSO between Atlassian Guard and miniOrange App

After saving the OAuth Configuration, you’ll be required to configure Atlassian Guard and the miniOrange OAuth/OIDC SSO App.

  • A pop-up notification will appear, asking you to complete the Atlassian Guard configuration.
    • Pop-up notification asking to complete the Atlassian Guard configuration
  • Click on Configure Guard, and you will be navigated to the Guard Configurations section.
  • In this section, you will find the Plugin Metadata details.
  • Copy and keep the following values handy. You’ll need them while setting up your Identity Provider in Atlassian Guard:
    • IDP Entity ID
    • IDP SSO URL
    • IDP Public X.509 Certificate
      • Atlassian Guard configurations page where Plugin Metadata details can be found
    1. Open the Atlassian Admin Console and navigate to the Security tab.
      2. Note: In case you manage multiple organizations, you’ll have to select the intended one after accessing the admin console.
    2. Under User Security, click Identity Providers.
    3. Select Other to begin configuring a custom Identity Provider.
      4. Atlassian Guard security page where Identity Providers section can be found
  • Provide an appropriate name, select Set up SAML Single Sign-On, and click Next.
  • Now, paste the IDP Entity ID, IDP SSO URL, and Public X.509 Certificate that you copied from the plugin configuration.
    • Atlassian Guard configurations page where IDP Entity ID, IDP SSO URL, and Public X.509 Certificate can be pasted
  • Click Next and copy the Service Provider Entity ID and Service Provider Assertion Consumer Service URL. Keep these handy as they’re required to complete the plugin configuration.
  • Complete the rest of the Atlassian Guard configuration.
  • Once you’re done, return to the plugin, go to the SP Metadata tab in the Guard Configurations section, and click Next.
  • Enter the SP Entity ID and Assertion Consumer Service (ACS) URL that you copied, and click Save Settings.
    • Atlassian Guard configurations page where SP Metadata tab can be found

Step 3: Configure SSO Authentication Policy

Once all the SSO Configurations are done, you need to add users to the Authentication Policy and enforce Single Sign On.

After saving the SP Metadata, click Next to find the steps for adding the users to the Authentication policy.

Atlassian Guard configurations page where Authentication Policy tab can be found

Now you can now seamlessly enjoy Single-Sign On into Atlassian with your preferred OAuth provider, with our miniOrange app.

OAuth Saml App

Did this page help you?

miniOrange Atlassian Contact Us

Book a Free Consultation with
Our Experts Today!

Schedule a call now!


Contact Us