Skip to end of metadata
Go to start of metadata

Description

The Client Certificate Authentication solution is a JAR made for Atlassian JIRA, Confluence, Bamboo and Bitbucket (Server) / Stash. 

When users try to access any one of the Atlassian tools, the browser will prompt them to select their certificate. Users will then be automatically logged into the application if their username already has an account.

To enable this integration, you will need to have the Atlassian application integrated with Apache via a reverse proxy.

Introduction

This document describes using client certificates as an authentication mechanism in JIRA. In the terms of smart cards, certificates are still passes from the smart card into the browser via the smart card client.

The method described here will allow JIRA to use client certificates for authentication without a password.

Notes

  • If you find yourself without a valid certificate and locked out of JIRA, you may need to effectively undo all the plugin setup to log in with a regular JIRA account again
  • If your certificate contains more than one identify, the first valid identify will be used
  • The plugin assumes that the user ID is contained in the CN entry
    • If that is not the case in your certificate, a minor code customization will be necessary

  1. This is the diagram for first access
  2. As certificates can be installed directly into the browser, depending on your browser settings, users will either be prompted for the certificate or the default certificate will be automatically used and validated
  3. This setup requires administrators to setup a User Directory before hand
    1. This User Directory will be used to pull user, groups and the memberships
    2. Runs every xx minutes to make sure that they sync is up to date

  1. This is the diagram for first access
  2. As certificates can be installed directly into the browser, depending on your browser settings, users will either be prompted for the certificate or the default certificate will be automatically used and validated