Advanced Settings
User Creation
Allow User Creation
Enabling this lets the add-on create a new JIRA user account the first time a user signs in through SSO. Leave it disabled if accounts should only be provisioned by administrators or by an existing user directory.
Directory for New User
After a successful SSO, if the user is not found in JIRA, a new user account is created in the user directory selected here.
Remote Directory Sync
On a successful SSO, the user's details are synced from the remote directory, but only if the user already exists in that remote directory; a user that is missing there is not created by this sync.
Request Parameters
Authorization Request Parameters
ACR Value
The ACR value is sent as the acr_values parameter of the authentication request. It asks the OpenID (OIDC) Provider to authenticate the user under one of the named Authentication Context Class References (for example, a context that requires multi-factor authentication). The provider reports the context it actually used in the acr claim of the ID Token, and that claim is what determines the Level of Assurance of the authentication. Because acr_values is only a request, check the acr claim in the returned ID Token rather than assuming the requested level was met.
State Parameter
The state parameter protects against CSRF on the redirect back to JIRA. The client includes a unique, non-guessable value in the authorization request, keeps it in the user's session, and checks that the value the provider returns matches it; an attacker cannot forge a valid response because they do not know the value. This unique, non-guessable value is the State Parameter. Some providers treat state as optional, while others reject an authorization request that does not include it. For the OpenID Providers supported by the add-on, this field is enabled by default and should be left enabled.
Add Custom Parameters
Used to add extra key/value parameters that will be included in the authentication request sent to the provider.
For example :
Nonce
A nonce is a string value that binds a client session to the ID Token issued for it and prevents an ID Token from being replayed. A random nonce value is sent in the authentication request, and the provider passes it unmodified into the nonce claim of the ID Token. If the nonce claim is present in the ID Token, the client must verify that it equals the nonce value sent in the authentication request. If the nonce parameter is present in the authentication request, the provider must include a nonce claim in the ID Token with exactly that value. Providers should perform no other processing on nonce values. The nonce value is a case-sensitive string. Note that the nonce identifies the session the token belongs to; it does not, by itself, prove which server issued the token. That is what the signature check under Response Validation is for.
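The request-side settings above (state, nonce, ACR value and custom parameters), as an added example that is not part of the add-on or of this page: a relying party builds the authorization request, stores state and nonce in the server-side session, then checks state on the callback and the nonce claim in the returned ID Token. The endpoint, client ID and redirect URI are hypothetical, and the ID Token is a constructed, unsigned stand-in so the code runs offline; signature verification is a separate step.

```python
import base64
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical endpoint and client values; substitute your provider's metadata.
AUTHORIZE_ENDPOINT = "https://op.example.com/authorize"
CLIENT_ID = "jira-sso-client"
REDIRECT_URI = "https://jira.example.com/plugins/servlet/oidc/callback"
LOGIN_TIMEOUT = 600  # seconds a pending login (and its state/nonce) stays valid


def build_auth_request(session, acr_values=None, extra=None):
    """Build the authorization request URL. state and nonce are fresh random
    values kept in the server-side session; the callback checks them later."""
    state = secrets.token_urlsafe(32)
    nonce = secrets.token_urlsafe(32)
    session["oidc_state"] = state
    session["oidc_nonce"] = nonce
    session["oidc_started"] = time.time()
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile email",
        "state": state,
        "nonce": nonce,
    }
    if acr_values:  # ACR Value setting: request a Level of Assurance
        params["acr_values"] = acr_values
    if extra:  # Add Custom Parameters setting: arbitrary extra key/value pairs
        params.update(extra)
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def check_callback_state(session, callback_url, now=None):
    """Verify the state echoed on the redirect back to JIRA (the CSRF check).
    Returns the authorization code; raises on mismatch, timeout or error."""
    now = time.time() if now is None else now
    query = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oidc_state", None)  # single use: a stale state is never accepted
    received = query.get("state", [None])[0]
    if not expected or received is None or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: response was not initiated by this session")
    if now - session.get("oidc_started", 0) > LOGIN_TIMEOUT:
        raise ValueError("login attempt expired")
    if "error" in query:
        raise ValueError("provider returned error: " + query["error"][0])
    return query["code"][0]


def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def check_id_token_nonce(session, id_token):
    """Bind the ID Token to this session: its nonce claim must equal the nonce we
    sent, and it is accepted once only. (The signature check is a separate step.)"""
    payload = json.loads(_b64url_decode(id_token.split(".")[1]))
    expected = session.pop("oidc_nonce", None)
    received = payload.get("nonce")
    if not expected or not isinstance(received, str) or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("nonce mismatch: token replayed or issued for another session")
    return payload


def constructed_id_token(claims):
    """Constructed, unsigned stand-in for an ID Token, only so the example runs
    offline; a real token carries the provider's signature in the third segment."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return enc({"alg": "none"}) + "." + enc(claims) + ".constructed-signature"
```

Both checks pop the stored value, so a state or nonce can be used once only, and the comparison is constant-time. A real callback handler would run check_callback_state, exchange the code at the token endpoint, verify the ID Token signature, and only then call check_id_token_nonce.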
Response Validation
Public Key
A public key is one half of an asymmetric key pair. The OpenID (OIDC) Provider signs every token it issues with its private key, and the matching public key lets JIRA verify that signature. Verification does not decrypt the token: an ID Token's contents are only base64url-encoded, not encrypted. What the public key confirms is that the token was issued by the provider (identity) and has not been altered since it was signed (integrity). Fill this field with the public key provided by your OpenID (OIDC) Provider. A key pasted here is static, so it must be replaced by hand whenever the provider rotates its signing key; where the provider offers a JWKS endpoint, prefer that instead.
JWKS EndPoint URL
The JSON Web Key Set (JWKS) is a document published by the provider (its jwks_uri) containing the public keys used to verify any JSON Web Token (JWT) the provider has signed. After a successful login the provider returns a signed ID Token, a JWT carrying the user's claims; the key whose kid matches the token header is taken from the JWKS, the signature is verified with it, and only then is the user logged in. Configure the JWKS endpoint rather than a static public key when the provider offers one: the provider can then rotate its signing keys, and the current keys are fetched from the endpoint instead of depending on a pasted copy. A token whose kid is not in the cached key set is a normal sign of rotation and should trigger a re-fetch of the JWKS before the token is rejected.
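Response validation against a JWKS, as an added example that is not part of the add-on or of this page: the provider side mints an RS256-signed ID Token and publishes the matching JWKS, and the relying-party side selects the key by kid, verifies the signature, and checks issuer, audience and expiry. Everything here is standard library; the RSA key is a toy key generated inside the example so it runs offline, and the issuer, client ID and kid are hypothetical. The RSASSA-PKCS1-v1_5 verification is written out to show what "validate the JWT with the public key" means; in production use a maintained JWT library.

```python
import base64, hashlib, hmac, json, secrets, time

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def int_to_b64url(n):  # JWK "n" and "e" are big-endian unsigned integers, base64url, no padding
    return b64url_encode(n.to_bytes((n.bit_length() + 7) // 8, "big"))

def b64url_to_int(s):
    return int.from_bytes(b64url_decode(s), "big")

# Stand-in for the provider's key material: a toy RSA key generated here so the
# example runs offline. A real signing key never leaves the provider.
def _is_probable_prime(n, rounds=32):
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):  # Miller-Rabin with random witnesses
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_rsa_key(bits=1024):
    def prime(b):
        while True:
            c = secrets.randbits(b) | (1 << (b - 1)) | 1
            if _is_probable_prime(c):
                return c
    e = 65537
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this means gcd(e, phi) == 1
            return {"n": p * q, "e": e, "d": pow(e, -1, phi)}

_SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def _emsa_pkcs1_v15(msg, k):  # RFC 8017 EMSA-PKCS1-v1_5 with SHA-256, as used by RS256
    t = _SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def rs256_verify(n, e, signing_input, sig):
    k = (n.bit_length() + 7) // 8
    if len(sig) != k:
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    return hmac.compare_digest(em, _emsa_pkcs1_v15(signing_input, k))

def make_provider(kid="2024-key-1"):
    """Constructed provider: its private key and the JWKS it would publish at jwks_uri."""
    key = generate_rsa_key()
    jwks = {"keys": [{"kty": "RSA", "use": "sig", "alg": "RS256", "kid": kid,
                      "n": int_to_b64url(key["n"]), "e": int_to_b64url(key["e"])}]}
    return key, kid, jwks

def issue_id_token(key, kid, claims):
    """Provider side: sign base64url(header).base64url(payload) with the private key."""
    h, p = (b64url_encode(json.dumps(o, separators=(",", ":")).encode())
            for o in ({"alg": "RS256", "kid": kid}, claims))
    k = (key["n"].bit_length() + 7) // 8
    em = int.from_bytes(_emsa_pkcs1_v15((h + "." + p).encode(), k), "big")
    return h + "." + p + "." + b64url_encode(pow(em, key["d"], key["n"]).to_bytes(k, "big"))

def verify_id_token(id_token, jwks, issuer, client_id, now=None):
    """Relying-party side: what JIRA does with the JWKS it fetched from the provider."""
    now = time.time() if now is None else now
    h, p, s = id_token.split(".")  # anything but three segments is a malformed JWT
    header = json.loads(b64url_decode(h))
    if header.get("alg") != "RS256":  # allow-list the algorithm; never let the token choose it
        raise ValueError("unexpected alg")
    key = next((k for k in jwks["keys"] if k.get("kid") == header.get("kid")), None)
    if key is None:  # unknown kid usually means the provider rotated keys: re-fetch the JWKS
        raise ValueError("no key with kid %r in JWKS" % header.get("kid"))
    if not rs256_verify(b64url_to_int(key["n"]), b64url_to_int(key["e"]),
                        (h + "." + p).encode(), b64url_decode(s)):
        raise ValueError("signature verification failed")
    claims = json.loads(b64url_decode(p))  # claims are trusted only after the signature passes
    aud = claims.get("aud")
    if claims.get("iss") != issuer or client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("issuer or audience mismatch")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("token expired")
    return claims
```

The order matters: the algorithm is checked against an allow-list before anything else, the key is chosen by the kid the JWKS publishes, and the payload is parsed only after the signature verifies. A token whose payload was edited fails the signature check, and a token signed under a kid no longer in the key set is rejected until the JWKS is refreshed.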