We have integrated both Jira and Confluence with Okta.
With Jira it was easy to configure the logout.url parameter since it was found in [jira_webdir]/WEB-INF/classes/seraph-config.xml
With confluence a little more work was involved as we needed to extract /opt/atlassian/confluence/confluence/WEB-INF/lib/confluence-6.1.2.jar, update logout section in the xwork.xml.
<action name="logout" class="com.atlassian.confluence.user.actions.LogoutAction"> <interceptor-ref name="defaultStack"/> <result name="error" type="velocity">/logout.vm</result> <result name="success" type="redirect">https://oktapreview.com</result> </action>
and repackage the jar file. Why is it that two applications from the same company have to configured in very different ways? Could we not have a generic way of configuring SSO that will be retained after upgrades?
Once configured how can we ensure that the login screens for both applications can never be accessible and ensure that authentication always happens through Okta? We dont want users to be able to manually login since it will bypass Okta and authenticate them through the application itself.