As a Crowd administrator, I would like to use any IdP SSO (SAML) for my Atlassian applications. However, my idea is to have only Crowd integrate with the IdP and act as a bridge app between the IdP and Jira/Confluence/Bitbucket. This means that if an unauthenticated user logs in to Confluence, Confluence sends an authentication request to Crowd, and Crowd talks to the IdP to get the SAML authentication done.
- User tries to access Confluence/Jira.
- They reach the Crowd logon page.
- They enter their username and password, which are authenticated against the information in the IdP.
- IdP sends the confirmation to Crowd.
- Crowd redirects to the application being requested.
Today, each application needs to be SAML-aware in order to integrate with the IdP. We establish this either by using the connectors provided by the IdP (available for Jira and Confluence only) or through third-party plugins provided by vendors such as miniOrange.
Once that's done, we integrate those applications with the IdP with the aid of those plugins as well. At this point, the applications know that login requests should go to the IdP to be processed, and they also know how to read a SAML response.
The scenario explained above seems ambiguous, since both Crowd and the IdP in their scenario seem to serve the same or a very similar purpose, which is to act as the IdP. However, even though the roles are similar, this setup can be important for some organizations or companies.