I would like to log in to JIRA using SAML using Keycloak.
I set the same settings by referring to the community post below.
In the Keycloak client configuration, turn OFF “Client Signature Required” and click on “Save”.
In Atlassian Access, you need to provide three values:
“Identity provider Entity ID” - this will be your server’s URL followed by /auth/realms/
“Identity provider SSO URL” - this will be your server’s URL followed by /auth/realms//protocol/saml
“Public x509 certificate” - this can be obtained from Keycloak. On our server, I found it under Realm Settings - Keys, then clicking on the Certificate button.
With the values entered, Atlassian Access will give you two URIs - SP Entity ID and SP Assertion Consumer Service URL.
Edit the SAML client you created in Keycloak. Change the client ID to be the “SP Entity ID” value. Copy the “SP Assertion Consumer Service URL” and paste it into “Valid Redirect URIs” and “Base URL”. Click “Save”.
However, an error occurs when connecting.
[Case A]
When Atlassian > Service provider assertion consumer service URL is entered in two places: Keycloak > Home URL, Valid redirect URIs
→ '{"key":"method_not_allowed"}' is displayed.
[Case B]
When Atlassian > Identity provider SSO URL is entered in Keycloak > Home URL
→ ‘Page not found’ is displayed.
When I contacted Atlassian’s customer service center, I received the following response.
Can you tell me what value I should enter for Home URL?
I can see that the “Identity provider SSO URL” is not reachable. Can you please contact Keycloak support? They should guide you to the correct link.
This link should be reachable:
https://keycloak.{mycompany}.co.kr/auth/realms/{myrelam}/protocol/saml
Once you get the correct link you need to change it on the Atlassian side and do the test again.
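
One way to check the three identity provider values from the steps quoted above against what the realm actually publishes (an added example, not part of the original post or of Keycloak or Atlassian code). Keycloak serves its SAML IdP metadata at the SSO URL followed by /descriptor; the host `keycloak.example.test`, the realm `demo`, the certificate string and the function names are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample of an IdP descriptor; host, realm and certificate are placeholders.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://keycloak.example.test/auth/realms/demo">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>UExBQ0VIT0xERVI=</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://keycloak.example.test/auth/realms/demo/protocol/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def normalize_cert(text):
    """Drop PEM armor lines and all whitespace so two copies compare equal."""
    lines = [line.strip() for line in (text or "").splitlines()]
    return "".join("".join(l.split()) for l in lines if not l.startswith("-----"))


def idp_values(metadata_xml):
    """Entity ID, SSO URLs and signing certificate as published in the metadata."""
    root = ET.fromstring(metadata_xml)
    is_entity = root.tag == "{%s}EntityDescriptor" % NS["md"]
    entity = root if is_entity else root.find("md:EntityDescriptor", NS)
    idp = None if entity is None else entity.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    cert = idp.find("md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    return {"entity_id": entity.get("entityID"),
            "sso_urls": [s.get("Location")
                         for s in idp.findall("md:SingleSignOnService", NS)],
            "certificate": normalize_cert(cert.text) if cert is not None else None}


def mismatches(entered, metadata_xml):
    """Names of the entered fields that disagree with the metadata."""
    idp = idp_values(metadata_xml)
    checks = [("entity_id", entered["entity_id"] == idp["entity_id"]),
              ("sso_url", entered["sso_url"] in idp["sso_urls"]),
              ("certificate", normalize_cert(entered["certificate"]) == idp["certificate"])]
    return [name for name, ok in checks if not ok]
```

An empty list from `mismatches` means the values entered on the Atlassian side match the realm's metadata; a URL with the realm name missing shows up as `entity_id` and `sso_url`.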