[JRASERVER-71288] SAML authentication assertions and responses should be signed

Type: Suggestion
Resolution: Unresolved
Fix Version/s: None
Component/s: Security
Labels:

UIS:
2
Support reference count:
4
Feedback Policy:

We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

Some Identity providers like one login expect authentication requests/responses to be signed by Jira citing security vulnerability. This results in SAML response to throw errors

<samlp:StatusMessage>Signature required</samlp:StatusMessage>

is related to

JRASERVER-67292 SAML Authentication Add-on to accept either Assertions or Response to be signed by IDP

Gathering Interest

SAMLDC-40 Assertion encryption

Under Consideration

relates to

CONFSERVER-59097 SAML AuthnRequest should be signed

Gathering Interest

SAMLDC-57 SAML AuthnRequest should be signed

Waiting for Release

links to

Related request from a Premier Support Customer

mentioned in: Page Loading...

(1 mentioned in)

Form Name

Rilwan Ahmed added a comment - 21/Oct/2024 8:37 AM

Any progress on this request ?

Rilwan Ahmed added a comment - 21/Oct/2024 8:37 AM Any progress on this request ?

Dhiraj Kumar Mishra added a comment - 13/Dec/2021 12:12 PM

I am wondering why Atlassian is taking this long (4 years) to implement such a small feature even though its about security of the tool.

Dhiraj Kumar Mishra added a comment - 13/Dec/2021 12:12 PM I am wondering why Atlassian is taking this long (4 years) to implement such a small feature even though its about security of the tool.

N added a comment - 28/Feb/2021 11:24 AM

Please permit SAML requests to be digitally signed for Atlassian products.

SAML request signing is a part of the SAML standard; and not having it opens a security hole that can be easily fixed by enabling SAML request signing.

N added a comment - 28/Feb/2021 11:24 AM Please permit SAML requests to be digitally signed for Atlassian products. SAML request signing is a part of the SAML standard; and not having it opens a security hole that can be easily fixed by enabling SAML request signing.

sthanu added a comment - 19/Jan/2018 9:06 PM

we really love to see this feature enabled in Jira

sthanu added a comment - 19/Jan/2018 9:06 PM we really love to see this feature enabled in Jira

Assignee:: Unassigned

Reporter:: shrivatsaa

Votes:: 32 Vote for this issue

Watchers:: 27 Start watching this issue

Created:: 19/Jan/2018 8:24 PM

Updated:: 12/Dec/2024 1:13 AM

Details

Description

Attachments

Issue Links

Forms

Activity

Collapse comment: Rilwan Ahmed added a comment - 21/Oct/2024 8:37 AM

Expand comment: Rilwan Ahmed added a comment - 21/Oct/2024 8:37 AM

Collapse comment: Dhiraj Kumar Mishra added a comment - 13/Dec/2021 12:12 PM

Expand comment: Dhiraj Kumar Mishra added a comment - 13/Dec/2021 12:12 PM

Collapse comment: N added a comment - 28/Feb/2021 11:24 AM

Expand comment: N added a comment - 28/Feb/2021 11:24 AM

Collapse comment: sthanu added a comment - 19/Jan/2018 9:06 PM

Expand comment: sthanu added a comment - 19/Jan/2018 9:06 PM

People

Dates