Suggestion
Resolution: Unresolved
19
When configuring SAML single sign-on, using URLs like https://id.atlassian.com, https://start.atlassian.com, and https://example.atlassian.net as the relay state allows people added to the identity provider to log in to Atlassian products and the account via IDP-initiated log-in.
However, if https://trello.com is used as the relay state, the user is not authenticated to Trello and has to go through the Log-in flow, even though the account is already authenticated to the Atlassian account.
Suggestion
This is a suggestion to allow https://trello.com to be used as the relay state, automatically authenticating accounts, as happens with https://id.atlassian.com.
Workaround
Add the following URL to the Relay state configuration of the identity provider:
https://trello.com/ensureSession
This will automatically log the user in to Trello.
follows: ACCESS-830 Update Atlassian Cloud App in Okta to include Trello, Bitbucket, Statuspage and OpsGenie Chiclets (Closed)
[ACCESS-1025] Allow trello.com to be used as a relay state URL for IDP-initiated log-in
Labels | New: guard-s8 |
Link | New: This issue follows |
Description |
Original:
When [configuring SAML single sign-on|https://support.atlassian.com/security-and-access-policies/docs/configure-saml-single-sign-on-with-an-identity-provider/], if the user uses URLs like https://id.atlassian.com, https://start.atlassian.com, and https://example.atlassian.net, this will allow people added to the identity provider to log-in via IDP-initiated log-in to Atlassian products and the account.
However, if the https://trello.com URL is used as the relay state, this will not authenticate the user to Trello and will require the account to use the *Log-in* flow, even though it is already authenticated to the Atlassian account.
h3. Suggestion
This is a suggestion to allow https://trello.com to be used as the *relay state*, automatically authenticating accounts, as it would happen with https://id.atlassian.com
h3. Workaround
Add the following URL to the *Relay state* configuration of the identity provider:
https://trello.com/appSwitcherLogin
This will automatically log the user to Trello. |
New:
When [configuring SAML single sign-on|https://support.atlassian.com/security-and-access-policies/docs/configure-saml-single-sign-on-with-an-identity-provider/], if the user uses URLs like [https://id.atlassian.com|https://id.atlassian.com/], [https://start.atlassian.com|https://start.atlassian.com/], and [https://example.atlassian.net|https://example.atlassian.net/], this will allow people added to the identity provider to log-in via IDP-initiated log-in to Atlassian products and the account.
However, if the [https://trello.com|https://trello.com/] URL is used as the relay state, this will not authenticate the user to Trello and will require the account to use the *Log-in* flow, even though it is already authenticated to the Atlassian account.
h3. Suggestion
This is a suggestion to allow [https://trello.com|https://trello.com/] to be used as the *relay state*, automatically authenticating accounts, as it would happen with [https://id.atlassian.com|https://id.atlassian.com/]
h3. Workaround
Add the following URL to the *Relay state* configuration of the identity provider:
https://trello.com/ensureSession
This will automatically log the user to Trello. |
I should also add that I cannot have both the Atlassian Cloud Azure AD enterprise app and also add a Trello-specific SAML SSO app, because they would have to both share an Entity ID, and would have different certificates. I don't think it's currently possible to keep both apps in one Azure AD.