SAML for Atlassian Data Center / SAMLDC-98

As an administrator I would like the Atlassian Authentication App to rely solely on the IdP for user authentication

    • Suggestion
    • Resolution: Unresolved
    • Low
    • None
    • None
    • SSO
    • None

      Problem Definition

      The Atlassian Authentication App is used to provide SSO authentication to some Atlassian Data Center products, such as Confluence.

      The user provisioning can still rely on other product features provided by embedded Crowd, such as configuring a connector to an LDAP.

      In the scenario where the connector is configured, the Atlassian Authentication App will also make a query to the LDAP when a user authenticates using SSO.

      This might become a problem if the connection to the LDAP server isn't performant or if there's any configuration that is known to be resource expensive.
      For example, using the LDAP_MATCHING_RULE_IN_CHAIN attribute as part of the User Filter.

      The IdP can be viewed as the central location for user information, such as if the user is active/inactive and if application access is given.
      Therefore, we wouldn't need to query the LDAP for the same information.

      Suggested Solution

      Make a default configuration to rely solely on the IdP, not querying the LDAP if a connector directory exists for user provisioning.
      Make it a configuration option to enable it in case the admin needs this type of feature.


            There are no comments yet on this issue.

              ppetrowski Patryk
              tmasutti Thiago Masutti
              Votes: 5
              Watchers: 5
