We have integrated both Jira and Confluence with Okta.
With Jira it was easy to configure the logout.url parameter since it was found in [jira_webdir]/WEB-INF/classes/seraph-config.xml
With confluence a little more work was involved as we needed to extract /opt/atlassian/confluence/confluence/WEB-INF/lib/confluence-6.1.2.jar, update logout section in the xwork.xml.
and repackage the jar file. Why is it that two applications from the same company have to configured in very different ways? Could we not have a generic way of configuring SSO that will be retained after upgrades?
Once configured how can we ensure that the login screens for both applications can never be accessible and ensure that authentication always happens through Okta? We dont want users to be able to manually login since it will bypass Okta and authenticate them through the application itself.
You got into a lot of trouble whilst you could just override the the login and logout actions, at least in confluence. Doing that, will ensure that authentication will happen through Okta.
Hi, sorry for the late reply, i didnt actually see the notifications.
This is how i did override the signup and editmyprofile, login/logout should be trivial
//imports
public class Signup extends SignUpAction {
@Override
public String execute() throws Exception {
//do what you need to do before for signup
//e.g. super.addFieldError("email", "Please use a real email address");
return super.doDefault();
}
}
First, you need to create a class in one if your packages, wherever you see fit that extends the LoginAction, just like the one i posted before but with extending the LoginAction.
Then you need to place the xml snippet within the atlassian-plugin.xml file. In your specific case the package with name=“usersDefault” is not needed, i just have it there for reference.
The remaining, you will have to adjust it for login as this is for signup: