Skip to main content
Version: Next

Set Up Single Sign-On for Confluence

This guide provides step-by-step instructions for setting up single sign-on (SSO) on Confluence, using miniOrange and Keycloak.

Prerequisites

  • Access to Keycloak Master Realm
  • Make sure you have an instance of Confluence up and running.
  • Do not log into the Atlassian app until instructed in the following steps.

Initial Setup in Confluence

Log In as Administrator User

  1. Navigate to Confluence and log in as the administrator (admin) user.
  2. Complete the initial settings as prompted. Select "Start with a blank project", if unsure.
  1. Click on the Settings gear icon in the top-right corner.
  2. Select Manage Apps.

Non Air-Gapped Environment

  1. Click on Find new apps.
  2. Search for miniorange.
  3. From the results, click on Single Sign On (SSO) via OAuth and OpenID for Confluence.
  4. Click on Free trial, install the app.

Air-Gapped Environment

  1. Scroll to the bottom, and click Settings.
  2. Uncheck Connect to the Atlassian Marketplace, and click Apply.
  3. Click Upload app.
  4. Install the Confluence miniOrange app file that was uploaded to an S3 bucket as part of your data transfer. It is available at the following link: https://marketplace.atlassian.com/apps/1218360/mo-confluence-oauth-sso-confluence-openid-connect-oidc-sso/version-history

Activate License

  1. Click on Manage apps again.
  2. Select the miniOrange app, paste your valid miniOrange SSO app license key, and click Update.

Keycloak Configuration

  1. Log in to Keycloak as an admin user.
  2. Make sure to select the appropriate realm (smoothglue).

Create OpenID Connect Client

  1. While you are in the smoothglue realm, click on Clients under Manage in the left pane.
  2. Click Create client.
  3. Enter client name confluence for Client ID.
  4. Click on the Next button.
  5. Toggle on Client authentication.
  6. Click on the Next button. Note: The application's FQDN name may be obtained by running kubectl get virtualservice -A
  7. Enter https://{{ application_fqdn }}/plugins/servlet/oauth/callback for Valid Redirect URIs.
  8. Click on the Save button.

SSO Configuration

Retrieve the client_secret from the Keycloak client:

  1. As a Keycloak Admin and within the smoothglue realm, click Clients on the left-hand panel.
  2. Click on the confluence client.
  3. Click on the Credentials tab.
  4. Copy the value from the Client Secret field.

Final Configuration in Confluence

Configure OAuth in miniOrange Plugin

  1. Navigate to the miniOrange plugin in Confluence.
  2. Click on Add New App, enter Keycloak.
  3. Select Keycloak version as 18 or above.
  4. Custom App Name as keycloak.
  5. Client Id as confluence.
  6. Client Secret from the earlier section.
  7. Scope as openid.
  8. Domain URL as https://{{ keycloak_fqdn }}/auth.
  9. Realm name as smoothglue.
  10. Logout Enpoint as https://{{ keycloak_fqdn }}/auth/realms/smoothglue/protocol/openid-connect/logout.
  11. Click on Save.
  12. You can click on Test Configuration to verify that you are presented with the Keycloak login screen.

Configure Confluence User Server

Prerequisites:

In SmoothGlue, Jira is intended to be the primary user store for Jira and Confluence. Users are dynamically created when logging in from Keycloak. Please use the following steps to configure Confluence to use the Jira User Server:

  1. Login to Confluence as administrator.
  2. Click on the Settings gear icon in the top-right corner.
  3. Click General configuration.
  4. Click User directories in the left-hand panel.
  5. Click Add Directory and select type Atlassian Crowd.
  6. Click Next.
  7. Enter Jira Server for Name.
  8. Enter http://jira.jira.svc.cluster.local for Server URL.
  9. Enter confluence for Application Name.
  10. Enter the password that you defined for your Confluence application in the settings on Jira.
  11. Enter 15 for Synchronization Interval (minutes).
  12. Click Test Settings. You should see Connection test successful. message displayed.
  13. Click Save and Test to finalize the configuration.