Uploaded image for project: 'Atlassian Guard'
  1. Atlassian Guard
  2. ACCESS-1213

Sign SAML Requests

XMLWordPrintable

    • 21

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Problem Summary:

      Although the official SAML standards do not require it, many IdPs require a signed AuthNRequest for security reasons.

      Thereby, authentication requests to IdPs that require the signature will fail with this error:

      ERROR [http-nio-8017-exec-11] [onelogin.saml2.authn.SamlResponse] isValid The status code of the Response was not Success, was urn:oasis:names:tc:SAML:2.0:status:Requester -> Signature required

      Customers cannot integrate such IDPs with Atlassian Cloud as the request always fails unless they tweak the IDP logic to not check for signed SAML requests.

      Solution:
      Optionally provided an SP SAML certificate to the IDPs that need the SAML requests to be signed

            [ACCESS-1213] Sign SAML Requests

            Sebastian Vassiliou added a comment -

            This feature is critical for us, as SAML is the only viable option for SSO with Atlassian.

            Unfortunately, not signing requests means that our IdP will refuse authentication.

            It should not be too hard to implement, however I worry that being a feature that is more of interest to Admins, not much votes are to be expected, which is a shame.

            Sebastian Vassiliou added a comment - This feature is critical for us, as SAML is the only viable option for SSO with Atlassian. Unfortunately, not signing requests means that our IdP will refuse authentication. It should not be too hard to implement, however I worry that being a feature that is more of interest to Admins, not much votes are to be expected, which is a shame.

            Joren Claes added a comment -

            Hi,
            Could we have an estimate on the consideration of this request? Roadmap?

            Thanks in advance for the answer

            Joren Claes added a comment - Hi, Could we have an estimate on the consideration of this request? Roadmap? Thanks in advance for the answer

            Christof Cuypers - Abano added a comment -

            Hi,
            Could we have an estimate on the consideration of this request? Roadmap?

            Thanks in advance for the answer

            Christof Cuypers - Abano added a comment - Hi, Could we have an estimate on the consideration of this request? Roadmap? Thanks in advance for the answer

            Julien REBILLARD added a comment -

            Hi,
            Could we have an estimate on the consideration of this request? Roadmap?

            Thanks in advance for the answer

            Julien REBILLARD added a comment - Hi, Could we have an estimate on the consideration of this request? Roadmap? Thanks in advance for the answer

              e902c0832f88 Sudesh Peram
              umasih@atlassian.com Ulka
              Votes:
              35 Vote for this issue
              Watchers:
              38 Start watching this issue

                Created:
                Updated: