Backup and Restore

This tab provides an option to download or upload the SAML SSO plugin’s configurations. This is very useful as it helps to:

1. Transfer configuration file: If you are moving from a test instance to a production instance, there is no need to reconfigure the plugin on the production instance. You can simply download the configuration from the test instance and upload it to production. The same applies whenever you want to move your settings from one instance to another.

2. Backup: You can take backups of working configurations for future use in disaster recovery.

3. Troubleshoot: If a user faces problems during SSO, the configuration file can be sent to the support team for debugging and fixing.

This tab has the following options:

Download / Upload App configuration manually

  • Download App Configuration: Downloads all the app configurations in a JSON file.
  • Import App Configuration: You can upload the previously downloaded file to restore the app configurations.

Configure / Fetch App configuration via REST API

Fetch App Configuration:

Request Method: HTTP GET
URL: <application_base_URL>/plugins/servlet/configureplugin
Content Type: application/json
Authorization: Basic <base64 encoded admin_username:password>
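
The fetch request described above, as an added example in Python (not part of the original page or the vendor's code). Only the endpoint path, method and headers come from the page; the function names and the backup path are hypothetical.

```python
import base64
import json
import os
import urllib.request
from urllib.parse import urlsplit

ENDPOINT = "/plugins/servlet/configureplugin"  # path given on this page


def build_fetch_request(base_url, admin_user, password):
    """Build the GET request; refuse plain HTTP, since Basic auth is only base64-encoded."""
    if urlsplit(base_url).scheme != "https":
        raise ValueError("Basic credentials must only be sent over HTTPS")
    token = base64.b64encode(f"{admin_user}:{password}".encode()).decode()
    return urllib.request.Request(
        base_url.rstrip("/") + ENDPOINT,
        method="GET",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Basic {token}"},
    )


def save_backup(body, path):
    """Check that the body parses as JSON, then write it readable by the owner only.

    The export contains the SP private key, so the file is created with mode 0600.
    """
    json.loads(body)  # raises ValueError on a truncated or non-JSON response
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(body)
    return path


def fetch_backup(base_url, admin_user, password, path):
    """Fetch the app configuration and store it at path (hypothetical helper)."""
    req = build_fetch_request(base_url, admin_user, password)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return save_backup(resp.read().decode("utf-8"), path)
```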

Update App Configuration:

Request Method: HTTP POST
URL: <application_base_URL>/plugins/servlet/configureplugin
Content Type: application/json
Authorization: Basic <base64 encoded admin_username:password>
Body: Raw format (application/json). An example is given below.

Example raw-format data to be sent/received in the body

{
    "PLUGIN_NAME": "JIRA SSO / Single Sign On, JIRA SAML SSO",
    "PLUGIN_VERSION": "2.0.0",
    "Identity Providers": [
        {
            "ID": "7aaefbb6-cf0a-49a7-a17a-22b98ba159e6",
            "Name": "IdP_1",
            "Configure SP": {
                /*This allows software users to perform SSO*/
                "Send Signed Requests": true,
                /*SSO binding Type decides how request message should be sent to IdP*/
                "SSO Binding Type": "HttpRedirect",
                /*Binding Type decides how request message should be sent to IdP.*/
                "SLO Binding Type": "HttpRedirect",
                /*NameID is considered as a unique identifier of the user performing SSO.*/
                "NameID Format": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
                /*The authentication context indicates how a user authenticated at an Identity Provider*/
                "Authn Context Class": "None",
                /*This allows software users to perform SSO*/
                "Other Authn Context Class": "",
                /*This is the public signing certificate provided by the IdP.*/
                "IdP Signing Certificates": ["-----BEGIN CERTIFICATE-----\r\…\r
-----END CERTIFICATE-----"],
                /*This allows software users to perform SSO.*/
                "Enable SSO for Software": true,
                /*This allows service desk users to perform SSO.*/
                "Enable SSO for ServiceDesk": true
            },
            /*This section covers User Profile mapping configuration, like linking of IdP user attributes to their local Atlassian application profile.*/
            "Attribute Mapping": {
                "Username": "NameID",
                "Email": "NameID",
                "Fullname": "",
                "First Name": "",
                "Last Name": "",
                "Disable Attribute Mapping": true,
                "Separate Name Attributes": false,
                "Regex Enabled": false,
                "Login/Create Jira user account by": "username",
                "Custom Attribute Mapping": {}
            },
            /*This section covers User Group mapping configuration, like linking of IdP groups to local Atlassian application groups and default group assignment.*/
            "Group Mapping": {
                "Disable Group Mapping": true,
                "Group Attribute": "",
                "On The Fly Group Mapping": false,
                "Create New Groups": true,
                "Keep users in existing groups": true,
                "Restrict User Creation based on Group Mapping": false,
                "Default Groups": [
                    "jira-software-users"
                ],
                "Enable Default Group For": "newUsers",
                "Mapping": {}
            },
            /*This section provides some configurable options like new user creation in the local application, certificate rollover if the IdP updates, and IdP-specific relay state.*/
            "Advanced SSO Options": {
                "Allow User Creation": true,
                "Refresh Metadata": false,
                "Refresh Interval": "hourly",
                "Custom Refresh Interval": 60,
                "Custom Refresh Interval Unit": "minutes",
                "Relay State URL": "",
                "Time delay": "01"
            }
        }
    ],
    /*This section provides the Service Provider (SP) info to configure as an application on the Identity Provider (IdP). You can add your own organization details.*/
    "Configure IdP": {
        "SP Entity ID": "http://localhost:8080/prakash",
        "SP Base URL": "http://localhost:8080/prakash",
        "Include Signing Certificate in Metadata": true,
        "Include Encryption Certificate in Metadata": false,
        "Organization Name": "miniorange",
        "Organizaton Display name": "miniorange",
        "Organization URL": "http://miniorange.com",
        "Technical Contact Name": "Xecurify",
        "Technical Contact Email": "info@xecurify.com",
        "Support Contact Name": "Xecurify",
        "Support Contact Email": "info@xecurify.com"
    },
    /*A keypair of the public and private X.509 certificate is used to sign SAML Single Sign-On/Logout Requests and to decrypt the SAML Assertion/Response from the Identity Provider (IdP).*/
    "Certificates": {
        "Public SP Certificate": "-----BEGIN CERTIFICATE-----\r\..\r
-----END CERTIFICATE-----",
        "Private SP Certificate": "-----BEGIN PRIVATE KEY-----\r\..\r
-----END PRIVATE KEY-----"
    },
    /*Redirection Rules allow you to specify conditions like which users should be allowed SSO and which users should see the login page based on different factors such as users' email address domain, group, or the user directory they belong to.*/
    "redirectionRules": {
        "jira": [],
        "jsd": [],
        "Default Jira IdP": "loginPage",
        "Default JSD IdP": "loginPage"
    },
    /*The Global SSO Settings tab provides the options to enable/disable the configurations for how your users and administrators will log in using SSO.*/
    "Global SSO Settings": {
        "Enable SSO For Jira Software": true,
        "Enable SSO For Service Desk": true,
        "Enable Password Change": true,
        "Auto-Activate User": false,
        "Restrict Plugin's API": false,
        "Restrict Duplicate Assertion": false,
        "AssertionID Reset Interval": "daily",
        "AssertionID Custom Reset Interval": 24
    },
    /*This section provides the user an option to design the login, logout and error pages for Atlassian instances as per their requirements.*/
    "Look and Feel Settings": {
        "Login Button Text": "Use IdP Login",
        "Use Custom Login Template for Jira": false,
        "Enable Custom Error Message Template": false,
        "Use Custom Login Template For ServiceDesk": false,
        "show Login Buttons": true
    },
    /*This section allows the admin to define what should be done after the user logs out from the application.*/
    "Post Logout Settings": {
        "Jira Custom Logout URL": "",
        "Use Custom Jira Logout Template": false,
        "JSD Custom Logout URL": "",
        "Use Custom JSD Logout Template": false,
        "Use configurations same as for Jira Software": false
    }
}
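
A check to run on a downloaded configuration before it is sent to support or imported into another instance, written as an added example in Python (not miniOrange code). It assumes the export is plain JSON with the key names shown in the example body, using ASCII quotes; the function names and the target URL are hypothetical.

```python
import copy
from urllib.parse import urlsplit


def redact_for_support(config):
    """Return a deep copy of the export with the SP private key blanked out."""
    safe = copy.deepcopy(config)
    certs = safe.get("Certificates", {})
    if "Private SP Certificate" in certs:
        certs["Private SP Certificate"] = "[REDACTED]"
    return safe


def review_before_import(config, target_base_url):
    """Return findings to resolve before importing the export into target_base_url."""
    findings = []
    target = urlsplit(target_base_url)
    sp = config.get("Configure IdP", {})
    for key in ("SP Entity ID", "SP Base URL"):
        value = urlsplit(sp.get(key, ""))
        if (value.scheme, value.netloc) != (target.scheme, target.netloc):
            findings.append(f"{key} points at {sp.get(key)!r}, not {target_base_url}")
    glob = config.get("Global SSO Settings", {})
    for key in ("Restrict Plugin's API", "Restrict Duplicate Assertion"):
        if glob.get(key) is False:
            findings.append(f"{key} is false in the export")
    for idp in config.get("Identity Providers", []):
        if not idp.get("Configure SP", {}).get("IdP Signing Certificates"):
            findings.append(f"{idp.get('Name')}: no IdP signing certificate")
    return findings


# Constructed sample, trimmed to the keys used above; values are placeholders.
SAMPLE = {
    "Identity Providers": [{"Name": "IdP_1", "Configure SP": {
        "IdP Signing Certificates": ["<IdP certificate PEM>"]}}],
    "Configure IdP": {"SP Entity ID": "http://localhost:8080/prakash",
                      "SP Base URL": "http://localhost:8080/prakash"},
    "Certificates": {"Public SP Certificate": "<SP certificate PEM>",
                     "Private SP Certificate": "<SP private key PEM>"},
    "Global SSO Settings": {"Restrict Plugin's API": False,
                            "Restrict Duplicate Assertion": False},
}

if __name__ == "__main__":
    print(redact_for_support(SAMPLE)["Certificates"])
    for finding in review_before_import(SAMPLE, "https://jira.example.com"):
        print("-", finding)
```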