Confluence is a web-based corporate wiki developed by Atlassian.
It is compatible with SAML and OpenID Connect. This tutorial will focus on SAML.
You must first configure LemonLDAP::NG as a SAML Identity Provider.
In the SSO configuration page, choose SAML as the authentication method and set the following parameters.
Don’t forget to replace auth.example.com with your actual domain.
Danger
Make sure the certificate you copy into Confluence starts with BEGIN CERTIFICATE and not with BEGIN PRIVATE KEY
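The check in the note above can be automated before pasting. The following Python sketch is an added example, not part of LemonLDAP::NG or Confluence; the function names and the sample PEM blocks are constructed for illustration. It accepts the text only if it holds exactly one CERTIFICATE block and no private key of any kind.

```python
import re

# Captures the label of every PEM block opener,
# e.g. "CERTIFICATE", "PRIVATE KEY", "RSA PRIVATE KEY".
PEM_BEGIN = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")


def pem_labels(text):
    """Return the labels of all PEM blocks found in text, in order."""
    return PEM_BEGIN.findall(text)


def check_paste(text):
    """Decide whether text is safe to paste as the IdP certificate.

    Returns (ok, reason). Only a single, complete CERTIFICATE block passes.
    """
    labels = pem_labels(text)
    # Reject first on any private key, so a cert+key bundle never passes.
    if any(label.endswith("PRIVATE KEY") for label in labels):
        return False, "contains a private key block: do not paste"
    if not labels:
        return False, "no PEM block found"
    if labels != ["CERTIFICATE"]:
        return False, "expected one CERTIFICATE block, found: " + ", ".join(labels)
    if "-----END CERTIFICATE-----" not in text:
        return False, "certificate block is truncated (no END line)"
    return True, "single certificate block"


# Constructed samples: the bodies are placeholder text, not real key material.
BODY = "Q09OU1RSVUNURUQ=\n"
CERT = "-----BEGIN CERTIFICATE-----\n" + BODY + "-----END CERTIFICATE-----\n"
KEY = "-----BEGIN PRIVATE KEY-----\n" + BODY + "-----END PRIVATE KEY-----\n"
RSA_KEY = "-----BEGIN RSA PRIVATE KEY-----\n" + BODY + "-----END RSA PRIVATE KEY-----\n"
PUBKEY = "-----BEGIN PUBLIC KEY-----\n" + BODY + "-----END PUBLIC KEY-----\n"

if __name__ == "__main__":
    samples = [("cert", CERT), ("key", KEY), ("rsa key", RSA_KEY),
               ("cert+key bundle", CERT + KEY), ("public key", PUBKEY)]
    for name, sample in samples:
        ok, reason = check_paste(sample)
        print(f"{name:16} {'OK' if ok else 'REJECT':6} {reason}")
```

A combined file that holds both the certificate and its key is rejected as a whole, since pasting it would disclose the signing key.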
Write down the Assertion Consumer Service URL and the Audience URL that Confluence shows you; you will need them to configure LemonLDAP::NG.
In the LemonLDAP::NG Manager, create a new SAML Service Provider.
In Metadata, copy the following XML document, and don’t forget to replace AUDIENCE_URL and CONSUMER_SERVICE_URL with the values given by Confluence.
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="AUDIENCE_URL">
  <md:SPSSODescriptor
      AuthnRequestsSigned="false"
      WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="CONSUMER_SERVICE_URL"
        index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
In Exported Attributes, add a new attribute:
Finally, in Options » Signature, set