Confluence Logout Url for Okta

avinash.singh · February 16, 2018, 11:45am

Hi,

We have integrated both Jira and Confluence with Okta.

With Jira it was easy to configure the logout.url parameter since it was found in [jira_webdir]/WEB-INF/classes/seraph-config.xml

With confluence a little more work was involved as we needed to extract /opt/atlassian/confluence/confluence/WEB-INF/lib/confluence-6.1.2.jar, update logout section in the xwork.xml.


<action name="logout" class="com.atlassian.confluence.user.actions.LogoutAction">
<interceptor-ref name="defaultStack"/>
<result name="error" type="velocity">/logout.vm</result>
<result name="success" type="redirect">https://oktapreview.com</result>
</action>

and repackage the jar file. Why is it that two applications from the same company have to configured in very different ways? Could we not have a generic way of configuring SSO that will be retained after upgrades?

Once configured how can we ensure that the login screens for both applications can never be accessible and ensure that authentication always happens through Okta? We dont want users to be able to manually login since it will bypass Okta and authenticate them through the application itself.

Regards,
Avinash

Panos · February 24, 2018, 11:42pm

You got into a lot of trouble whilst you could just override the the login and logout actions, at least in confluence. Doing that, will ensure that authentication will happen through Okta.

avinash.singh · February 26, 2018, 7:22am

Hi Panos,

For confluence where do you override the logout action?
This is the the article that I have followed:
https://confluence.atlassian.com/confkb/changing-the-destination-of-the-logout-link-225119623.html

Regards,
Avinash

Panos · March 13, 2018, 6:04pm

Hi, sorry for the late reply, i didnt actually see the notifications.
This is how i did override the signup and editmyprofile, login/logout should be trivial

<xwork name="ShowActivationPage" key="showActivation">
    <package name="signupDefault" extends="default" namespace="">
            <action name="signup" class="dk.mypackage.dcimteam.usermanagement.actions.Signup"
                    method="doDefault">
                <interceptor-ref name="defaultStack"/>
                <result name="input" type="velocity">/login.vm</result>
            </action>
            <action name="dosignup" class="dk.mypackage.dcimteam.usermanagement.actions.Signup">
                <interceptor-ref name="validatingStack"/>
                <result name="input" type="velocity">/login.vm</result>
                <result name="error" type="velocity">/login.vm</result>

                <result name="success" type="redirect">
                    /plugins/actions/activation/notValidated.action?redirect=${data.url}
                </result>
                <result name="email-sent" type="velocity">/email-sent.vm</result>
            </action>
        </package>
        <package name="usersDefault" extends="default" namespace="/users">
            <default-interceptor-ref name="validatingStack"/>
            <action name="editmyprofile" class="dk.mypackage.dcimteam.usermanagement.actions.EditMyProfile" method="doInput">
                <interceptor-ref name="defaultStack"/>
                <result name="input" type="velocity">/users/editmyprofile.vm</result>
            </action>

            <action name="doeditmyprofile" class="dk.mypackage.dcimteam.usermanagement.actions.EditMyProfile" method="doEdit">
                <param name="RequireSecurityToken">true</param>
                <result name="input" type="velocity">/users/editmyprofile.vm</result>
                <result name="error" type="velocity">/users/editmyprofile.vm</result>
                <result name="cancel" type="redirect">/users/viewmyprofile.action</result>
                <result name="success" type="redirect">/users/viewmyprofile.action</result>
            </action>
        </package>
    </xwork>

And java classes look like:

//imports
public class Signup extends SignUpAction {
 @Override
    public String execute() throws Exception {
        //do what you need to do before for signup
       //e.g. super.addFieldError("email", "Please use a real email address");
       return super.doDefault();
    }
}

avinash.singh · March 14, 2018, 8:00am

Thanks! Can you specify the files names please.

Panos · March 14, 2018, 2:20pm

Sorry, what do you mean?

avinash.singh · March 14, 2018, 2:34pm

Those 2 code snippets where we enter them?

Panos · March 14, 2018, 3:14pm

First, you need to create a class in one if your packages, wherever you see fit that extends the LoginAction, just like the one i posted before but with extending the LoginAction.

Then you need to place the xml snippet within the atlassian-plugin.xml file. In your specific case the package with name=“usersDefault” is not needed, i just have it there for reference.

The remaining, you will have to adjust it for login as this is for signup:

<xwork name="your_xwork_name" key="your_key">
<package name="loginDefault" extends="default">
			<interceptor-ref name="defaultStack" />
			<action name="login"
				class="the.full.package.of.class.you.created.before"
				method="doDefault">
				<interceptor-ref name="validatingStack" />
				<result name="input" type="velocity">/path/to/your/login.vm</result>
                                 <!-- or dispatch to w/e you wish -->
			</action>
			<action name="dologin"
				class="the.full.package.of.class.you.created.before"
				method="execute">
				<interceptor-ref name="validatingStack" />
				<result name="input" type="velocity">/templates/login.vm</result>
				<result name="error" type="velocity">/templates/login.vm</result>
				<result name="success" type="velocity">/templates/login.vm</result>
			</action>
		</package>
</xwork>

This is the way to provide your own login action with custom velocity. In your case you should adjust the results’ type to your needs.

This is my implementation of auth0: https://github.com/chmod/auth0-confluence you might get some inspiration from there