Set up SSO for Jira 8.1 and Confluence with CAS - single-sign-on

I am configuring JIRA and Confluence with SSO using Jasig CAS. The step-by-step details given here are not a full setup of the CAS and JIRA configuration. How can I configure CAS with Jira and Confluence?
I also tried to set it up using SAML and Keycloak but was not able to make it work.

Related

CAS Server 5.3 configuration with SAML 1.1

I am very new to this IAM and SSO area. I am trying to set up a CAS server which supports SAML 1.1. I have gone through the CAS v5.3 documentation and followed the instructions there, but I am still not able to set up the CAS server with SAML 1.1 support.
I am looking for any documentation that can help me do so; that would be great, as I am not sure how I can enable SAML 1.1 support.

Configuring Liferay 7.2 OpenID Connect for Keycloak?

I have a fresh Liferay 7.2 and Keycloak 7 install
I created a Keycloak Client for Liferay
I enable OpenID Connect in Liferay
In Liferay I configure an OpenID Connect provider with the Keycloak OpenID Connect discovery endpoint
In Liferay
I click Login, Login is presented
I click OpenID Connect, OpenID Connect Login page is presented
I click Login with the Keycloak provider selected, the browser is redirected to the Keycloak log in page
I enter my user and password and Click log in
My browser is redirected back to Liferay
In Liferay the console looks like this: https://gist.github.com/smitopher/ca8bcb2ccb564eff3a42a1944e8daed7
and the browser shows a Liferay Internal Server Error message
Any suggestions?
Some further debugging shows that when Liferay calls the Keycloak token endpoint, Keycloak returns a 400 HTTP status and an invalid grant message.
I ran into the same problem but later stumbled across a blog post showing a successful configuration, which I've reproduced with Liferay 7.2 + Keycloak 4.8.
The key difference between the failures and successes appears to be skipping auto-discovery and instead populating the individual settings directly. It would appear that Liferay doesn't like something in Keycloak's discovery endpoint.
I recommend updating the Keycloak version and checking the correct Liferay configuration by consulting the official Liferay documentation "Authenticating with OpenID Connect". You can also consult the article "How to connect Keycloak and Liferay via OpenID Connect".
Remember that Keycloak and Liferay must be able to communicate with each other via the HTTP / HTTPS protocol.
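
Added example (not part of the original answers or of Liferay/Keycloak code): one way to turn a Keycloak discovery document into the individual values for manual entry, checking first that every endpoint is HTTPS and shares the issuer's origin. The host, realm, sample document and setting labels are constructed assumptions.

```python
from urllib.parse import urlparse

BASE = "https://sso.example.test/auth/realms/demo"  # hypothetical host and realm
OIDC = BASE + "/protocol/openid-connect"

# Constructed sample in the shape of a Keycloak realm discovery document.
SAMPLE_DISCOVERY = {
    "issuer": BASE,
    "authorization_endpoint": OIDC + "/auth",
    "token_endpoint": OIDC + "/token",
    "userinfo_endpoint": OIDC + "/userinfo",
    "jwks_uri": OIDC + "/certs",
}

# Discovery key -> label of the manual provider setting (labels are assumptions).
FIELD_MAP = {
    "issuer": "Issuer URL",
    "authorization_endpoint": "Authorization Endpoint",
    "token_endpoint": "Token Endpoint",
    "userinfo_endpoint": "User Information Endpoint",
    "jwks_uri": "JWKS URI",
}

def manual_settings(discovery):
    """Return (settings, problems) for filling in the provider form by hand."""
    settings, problems = {}, []
    issuer = urlparse(discovery.get("issuer", ""))
    for key, label in FIELD_MAP.items():
        value = discovery.get(key)
        if not value:
            problems.append(f"missing {key}")
            continue
        url = urlparse(value)
        if url.scheme != "https":
            problems.append(f"{key} is not HTTPS: {value}")
        # An endpoint on another origin than the issuer often means the IdP
        # advertises an internal address the relying party cannot reach.
        if (url.scheme, url.netloc) != (issuer.scheme, issuer.netloc):
            problems.append(f"{key} origin differs from issuer: {value}")
        settings[label] = value
    return settings, problems

if __name__ == "__main__":
    settings, problems = manual_settings(SAMPLE_DISCOVERY)
    for label, value in settings.items():
        print(f"{label}: {value}")
    for problem in problems:
        print("CHECK:", problem)
```
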

WSO2 IS 5.3.0 - IWA authentication option not available

We are using WSO2 Identity Server for user authentication.
We have upgraded from WSO2 IS 5.2.0 version to WSO2 IS 5.3.0.
We are using the IWA (Integrated Windows Authentication) for user authentication for our applications.
In WSO2 5.3.0 version we do not see the option to select IWA under the Authentication Type “Local Authentication” while registering the application under “Service Provider”. This option was available in WSO2 IS 5.2.0 and we were able to use it properly.
Can you please let us know if this feature is deprecated or disabled in the WSO2 IS 5.3.0 version? Please let us know the steps to enable IWA in WSO2 IS 5.3.0
From IS 5.3.0 onwards we moved to Kerberos based IWA Authentication. The motive behind this decision was to overcome the limitations faced in NTLM based IWA.
To mention a few, NTLM based IWA forced the WSO2 Identity Server to be run on Windows and the AD was required to be plugged in as the primary user store.
To read more about IWA Authentication using Kerberos please refer to this blog.
So to answer,
Can you please let us know if this feature is deprecated or disabled
in the WSO2 IS 5.3.0 version? Please let us know the steps to enable
IWA in WSO2 IS 5.3.0
Yes, we deprecated the NTLM based IWA Authenticator in IS 5.3.0. However, for the benefit of the users preferring to use the NTLM based authenticator, we have the tag compatible with IS 5.3.0.
You can build the tag and drop the authenticator jar into IS_HOME/repository/components/dropins. Then you should be able to see the authenticator listed under local authenticators and use it as in IS 5.2.0.
Are you sure it is activated in your installed instance?
Open the <wso2is_home>/repository/conf/security/authenticators.xml file and add the following lines inside the <Authenticators> tag.
<Authenticator name="IWAUIAuthenticator" disabled="false">
    <Priority>5</Priority>
</Authenticator>
Source: https://docs.wso2.com/display/IS530/Configuring+IWA+Single-Sign-On
Jeff

AEM 6.2 SSO (SAML) Integration

I'm trying to integrate an SSO SAML provider into a local AEM instance for testing. First I tried this article: https://helpx.adobe.com/experience-manager/kb/simple-saml-demo.html . When starting AEM, the user is redirected to the ssocircle login page, but after the login, it gets stuck in infinite reCAPTCHA page redirects. So I assumed that the article and setup were for AEM 6. I went next to this article: http://www.aemstuff.com/blogs/july/saml.html which looks promising for AEM 6.1 and probably 6.2. In that article the identity provider has 'blogsaml.com' as its host name. I couldn't find any provider under this domain.
My questions are:
1- How can I get rid of the reCAPTCHA loop, and get back to AEM after the login in open circle?
2- Is there the possibility to get an "IdP certificate" from ssocircle? (And what exactly is this cert?)
3- Is there any other free to use / try SSO provider that could be used with AEM?
4- Any other tutorials / articles for integrating a free SSO in AEM are welcome.
We get AEM 6.2 with an SSO Circle Pro account running.
Key changes from the setup in https://helpx.adobe.com/experience-manager/kb/simple-saml-demo.html
and http://www.aemstuff.com/blogs/july/saml.html were:
using the old certificate from SSO Circle: https://www.ssocircle.com/en/public-idp-configuration-deprecated/
Apache Sling Service User Mapper Service Amendment :"com.adobe.granite.auth.saml=authentication-service"
Making sure the authentication-service has all read/write permissions.
and setting the default group to 'contributor' in the SAML 2 configMgr instead of "administrators" from the config package from the first adobe docs link.

Liferay 7 CAS not logged in

I'm a newbie to Liferay 7. I want to integrate Liferay 7 with CAS without LDAP.
My Liferay version is DXP; the CAS server's version is 4.0.0.
I have installed Liferay on localhost:8080; the CAS server is on one of my server machines over SSL.
I have successfully integrated CAS. After this I have configured CAS authentication in Liferay, that is, in Configuration->Instance Setting->Authentication under the CAS tab.
When I try to log in I'm getting the following URL:
http://localhost:8080/?ticket=ST-23-d3Dvgf5h56Fa3ptUf5wEc-cas01.example.org
Although the ticket is being generated, I'm not able to access the admin panel.
Please help. Thanks
I have followed all the instructions in this manual
https://web.liferay.com/web/nidhi.singh/blog/-/blogs/liferay-intregation-with-cas-and-ldap
and everything works perfectly!