List of REST APIs available to configure SSO on Confluence DC

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community


Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Confluence Data Center is bundled with the SSO for Atlassian Server and Data Center App (Atlassian SSO App), with which administrators can configure SSO authentication using SAML 2.0 or OIDC with the preferred Identity Provider (IdP) supporting these standards.
Check SAML single sign-on for Atlassian Data Center applications for further details about the Atlassian SSO App.

This App has some private REST APIs to allow checking and editing its configuration. This document highlights these APIs and provide examples of usage.
Being private APIs mean they may change without necessarily following the Atlassian REST API policy.

Environment

Confluence Data Center 7.13.0

  • Although this document references Confluence, it may be used by administrators of Jira and Bitbucket when configuring SSO.

SSO for Atlassian Server and Data Center 4.2.5

  • These methods were made available since App version 4.2.0.

Solution

GET /rest/authconfig/1.0/login-options

Show all enabled authentication options.

Example
CONFLUENCE_PAT='My+PAT'
CONFLUENCE_BASE_URL=https://confluence.pawtucketbrewery.com

curl -s -X GET \
 -H "Authorization: Bearer ${CONFLUENCE_PAT}" \
 -H 'Accept: application/json' \
 ${CONFLUENCE_BASE_URL}'/rest/authconfig/1.0/login-options'
Example response... 
{
  "results": [
    {
      "type": "LOGIN_FORM",
      "id": 0
    },
    {
      "type": "IDP",
      "id": 1,
      "button-text": "Log in with IdP 1",
      "login-link": "https://confluence.pawtucketbrewery.com/plugins/servlet/external-login/1"
    },
    {
      "type": "IDP",
      "id": 2,
      "button-text": "Log in with another IdP",
      "login-link": "https://confluence.pawtucketbrewery.com/plugins/servlet/external-login/2"
    }
  ],
  "size": 3,
  "start": 0,
  "limit": -1,
  "isLastPage": true
}


GET /rest/authconfig/1.0/idps

Get detailed configuration from all IdPs.

Example
CONFLUENCE_PAT='My+PAT'
CONFLUENCE_BASE_URL=https://confluence.pawtucketbrewery.com

curl -s -X GET \
 -H "Authorization: Bearer ${CONFLUENCE_PAT}" \
 -H 'Accept: application/json' \
 ${CONFLUENCE_BASE_URL}'/rest/authconfig/1.0/idps'
Example response... 
{
  "results": [
    {
      "id": 1,
      "name": "SAML SSO",
      "enabled": true,
      "certificate": "MI(...)AHM",
      "sso-type": "SAML",
      "include-customer-logins": false,
      "enable-remember-me": true,
      "last-updated": "2021-09-20T13:12:05.075-03:00",
      "jit-configuration": {
        "user-provisioning-enabled": false,
        "mapping-display-name": "",
        "mapping-email": "",
        "mapping-groups": "",
        "additional-openid-scopes": []
      },
      "button-text": "Log in with IdP 1",
      "idp-type": "GENERIC",
      "sso-url": "https://my.idp.com/27011985/sso/saml",
      "sso-issuer": "https://my.idp.com/27011985",
      "username-attribute": "${NameID}"
    },
    {
      "id": 2,
      "name": "Another SAML SSO",
      "enabled": true,
      "certificate": "MI(...)TM",
      "sso-type": "SAML",
      "include-customer-logins": false,
      "enable-remember-me": true,
      "last-updated": "2021-09-22T11:57:07.392-03:00",
      "jit-configuration": {
        "user-provisioning-enabled": false,
        "mapping-display-name": "",
        "mapping-email": "",
        "mapping-groups": "",
        "additional-openid-scopes": []
      },
      "button-text": "Log in with another IdP",
      "idp-type": "GENERIC",
      "sso-url": "https://another.idp.com/12062019/sso/saml",
      "sso-issuer": "https://another.idp.com/12062019",
      "username-attribute": "${NameID}"
    }
  ],
  "size": 2,
  "start": 0,
  "limit": 50,
  "isLastPage": true
}


POST /rest/authconfig/1.0/idps

Create a new configuration for an IdP.

Example
CONFLUENCE_PAT='My+PAT'
CONFLUENCE_BASE_URL=https://confluence.pawtucketbrewery.com

curl -s -X POST \
 -H "Authorization: Bearer ${CONFLUENCE_PAT}" \
 -H 'content-type: application/json' \
 -H 'Accept: application/json' \
 ${CONFLUENCE_BASE_URL}'/rest/authconfig/1.0/idps' \
 -d '{
  "name": "New SAML SSO",
  "enabled": true,
  "certificate": "(...)",
  "sso-type": "SAML",
  "enable-remember-me": true,
  "button-text": "Log in with the new IdP",
  "idp-type": "GENERIC",
  "sso-url": "https://new.idp.com/12062019/sso/saml",
  "sso-issuer": "https://new.idp.com/12062019",
  "username-attribute": "${NameID}",
  "jit-configuration": {
      "user-provisioning-enabled": false
    }
  }'
Example response... 
{
  "id": 3,
  "name": "New SAML SSO",
  "enabled": true,
  "certificate": "(...)",
  "sso-type": "SAML",
  "include-customer-logins": false,
  "enable-remember-me": true,
  "last-updated": "2021-09-22T20:33:07.55-03:00",
  "jit-configuration": {
    "user-provisioning-enabled": false,
    "mapping-display-name": "",
    "mapping-email": "",
    "mapping-groups": "",
    "additional-openid-scopes": []
  },
  "button-text": "Log in with the new IdP",
  "idp-type": "GENERIC",
  "sso-url": "https://new.idp.com/12062019/sso/saml",
  "sso-issuer": "https://new.idp.com/12062019",
  "username-attribute": "${NameID}"
}


GET /rest/authconfig/1.0/idps/{id}

Get the configuration of an IdP.

Example
CONFLUENCE_PAT='My+PAT'
CONFLUENCE_BASE_URL=https://confluence.pawtucketbrewery.com
CONFLUENCE_SSO_IDP_ID=1

curl -s -X GET \
 -H "Authorization: Bearer ${CONFLUENCE_PAT}" \
 -H 'Accept: application/json' \
 ${CONFLUENCE_BASE_URL}'/rest/authconfig/1.0/idps/'${CONFLUENCE_SSO_IDP_ID}
Example response... 
{
  "id": 1,
  "name": "SAML SSO",
  "enabled": true,
  "certificate": "MI(...)eZ",
  "sso-type": "SAML",
  "include-customer-logins": false,
  "enable-remember-me": true,
  "last-updated": "2021-09-20T13:12:05.075-03:00",
  "jit-configuration": {
    "user-provisioning-enabled": false,
    "mapping-display-name": "",
    "mapping-email": "",
    "mapping-groups": "",
    "additional-openid-scopes": []
  },
  "button-text": "Log in with IdP 1",
  "idp-type": "GENERIC",
  "sso-url": "https://my.idp.com/27011985/sso/saml",
  "sso-issuer": "https://my.idp.com/27011985",
  "username-attribute": "${NameID}"
}


PATCH /rest/authconfig/1.0/idps/{id}

Change one or more attributes in the configuration of an IdP.

Example
CONFLUENCE_PAT='My+PAT'
CONFLUENCE_BASE_URL=https://confluence.pawtucketbrewery.com
CONFLUENCE_SSO_IDP_ID=1

curl -s -X PATCH \
 -H "Authorization: Bearer ${CONFLUENCE_PAT}" \
 -H 'content-type: application/json' \
 -H 'Accept: application/json' \
 ${CONFLUENCE_BASE_URL}'/rest/authconfig/1.0/idps/'${CONFLUENCE_SSO_IDP_ID} \
 -d '{
  "enable-remember-me": false,
  "button-text": "Log in with patched IdP"
  }'
Example response... 
{
  "id": 1,
  "name": "SAML SSO",
  "enabled": true,
  "certificate": "MI(...)eZ",
  "sso-type": "SAML",
  "include-customer-logins": false,
  "enable-remember-me": false,
  "last-updated": "2021-09-22T22:15:24.599-03:00",
  "jit-configuration": {
    "user-provisioning-enabled": false,
    "mapping-display-name": "",
    "mapping-email": "",
    "mapping-groups": "",
    "additional-openid-scopes": []
  },
  "button-text": "Log in with patched IdP",
  "idp-type": "GENERIC",
  "sso-url": "https://my.idp.com/27011985/sso/saml",
  "sso-issuer": "https://my.idp.com/27011985",
  "username-attribute": "${NameID}"
}


DELETE /rest/authconfig/1.0/idps/{id}

Delete one or more attributes in the configuration of an IdP.

Example
CONFLUENCE_PAT='My+PAT'
CONFLUENCE_BASE_URL=https://confluence.pawtucketbrewery.com
CONFLUENCE_SSO_IDP_ID=1

curl -s -X DELETE \
 -H "Authorization: Bearer ${CONFLUENCE_PAT}" \
 ${CONFLUENCE_BASE_URL}'/rest/authconfig/1.0/idps/'${CONFLUENCE_SSO_IDP_ID}


See Also


Last modified on Oct 4, 2023

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.