New User Sync 2.0:

• Overhauled user interface for easier configuration
• Improved setup for Google Cloud Identity (formerly known as G Suite)
• New attribute mapping with presets and transformations for common cases
• Groovy transformations for advanced use cases
• Linchpin User Profiles integration
• Integrated tutorial videos
• Experimental support for SCIM 2.0 and custom Groovy driven connectors

Bug fixes and improvements for SAML SSO:

• Bug fixes for setup wizard and authentication tracker table
• Easier debugging for configurations with multiple Identity Providers
• UI adjustments for improved readability

This is major release, make sure to test first and have backups! Read more in our release notes.

New User Sync 2.0:

• Overhauled user interface for easier configuration
• Improved setup for Google Cloud Identity (formerly known as G Suite)
• New attribute mapping with presets and transformations for common cases
• Groovy transformations for advanced use cases
• Linchpin User Profiles integration
• Integrated tutorial videos
• Experimental support for SCIM 2.0 and custom Groovy driven connectors

Bug fixes and improvements for SAML SSO:

• Bug fixes for setup wizard and authentication tracker table
• Easier debugging for configurations with multiple Identity Providers
• UI adjustments for improved readability

This is major release, make sure to test first and have backups! Read more in our release notes.

• Fixed login redirection for URLs containing special characters.
• Fixed pagination in authentication tracker list.
• This update includes the bugfix release of User Sync 1.9.6.

• Fixed login redirection for URLs containing special characters.
• Fixed pagination in authentication tracker list.
• This update includes the bugfix release of User Sync 1.9.6.

• Fixed failing base URL check for absolute URLs.
• This update includes the bugfix release of User Sync 1.9.5.

• Fixed failing base URL check for absolute URLs.
• This update includes the bugfix release of User Sync 1.9.5.

• Fixed bug in Just-in-Time Provisioning: groups are no longer created if option “Create groups if they do not exist” is disabled.
• This update includes the bugfix release of User Sync 1.9.4.

• Fixed bug in Just-in-Time Provisioning: groups are no longer created if option “Create groups if they do not exist” is disabled.
• This update includes the bugfix release of User Sync 1.9.4.

• Fixed possible redirection vulnerability in samlsso servlet and WebSudo servlet.
• Fixed metadata import when metadata only contains a REDIRECT login binding.
• Fixed tester for “E-Mail Domains”
• Fixed non-SSO URL for Service Desk Portal (JSM).
• This update includes the bugfix release of User Sync 1.9.3.

• Fixed possible redirection vulnerability in samlsso servlet and WebSudo servlet.
• Fixed metadata import when metadata only contains a REDIRECT login binding.
• Fixed tester for “E-Mail Domains”
• Fixed non-SSO URL for Service Desk Portal (JSM).
• This update includes the bugfix release of User Sync 1.9.3.

• Fixed: login will no longer fail if User Sync lookup fails.
• Fixed: automatic metadata refresh no longer leads to invalid configuration.
• Fixed: refresh tracker button now working again.
• Fixed duplicate X-XSS-Protection headers in samlsso servlet.
• Added X-Content-Type-Options header to samlsso servlet.
• Added support for organization assignment in Jira Service Management (JSM).
• This update includes the bugfix release of User Sync 1.9.2.

• Fixed: login will no longer fail if User Sync lookup fails.
• Fixed: automatic metadata refresh no longer leads to invalid configuration.
• Fixed: refresh tracker button now working again.
• Fixed duplicate X-XSS-Protection headers in samlsso servlet.
• Added X-Content-Type-Options header to samlsso servlet.
• Added support for organization assignment in Jira Service Management (JSM).
• This update includes the bugfix release of User Sync 1.9.2.

• Fixed user reactivation when user exists in multiple directories.
• Fixed: groups are no longer removed from non-SAML-created users.
• Changed order or transformations to recreate the behavior of SAML Single Sign On 3.x.
• Fixed the status of the authentication tracker when the users is updated during login.
• Fixed groups assignment for Service Desk customers during Just-in-Time Provisioning.

• Fixed user reactivation when user exists in multiple directories.
• Fixed: groups are no longer removed from non-SAML-created users.
• Changed order or transformations to recreate the behavior of SAML Single Sign On 3.x.
• Fixed the status of the authentication tracker when the users is updated during login.
• Fixed groups assignment for Service Desk customers during Just-in-Time Provisioning.

Reach 100% accuracy in user & group attribute mapping from your IdP into the Atlassian application!

• Advanced attribute mapping: Map any attributes from the identity provider to local user attributes, including Confluence user profile attributes
• Configuration presets for common uses cases and identity providers
• New transformations in addition to regular expressions:
  • common transformations as presets (e.g. convert Azure guest users or strip email domains)
  • new transformations such as splitting attribute values by separator
  • custom transformations with Groovy scripts
• Define custom Attributes like employee ID to search for your users in the Atlassian app
• Other improvements & bug fixes:
  • Improved Auth Tracker List: ability to search & filter logins, and create a support case in-app
  • Bug Eradicated: Literally one bug eradicated in User & Group Sync 1.9.0
  • Fixed WebSudo with SAML for Chrome & other browsers enforcing new samesite cookie policies

New in 4.0.5

• Fixed group assignment for SD customers

Reach 100% accuracy in user & group attribute mapping from your IdP into the Atlassian application!

• Advanced attribute mapping: Map any attributes from the identity provider to local user attributes, including Confluence user profile attributes
• Configuration presets for common uses cases and identity providers
• New transformations in addition to regular expressions:
  • common transformations as presets (e.g. convert Azure guest users or strip email domains)
  • new transformations such as splitting attribute values by separator
  • custom transformations with Groovy scripts
• Define custom Attributes like employee ID to search for your users in the Atlassian app
• Other improvements & bug fixes:
  • Improved Auth Tracker List: ability to search & filter logins, and create a support case in-app
  • Bug Eradicated: Literally one bug eradicated in User & Group Sync 1.9.0
  • Fixed WebSudo with SAML for Chrome & other browsers enforcing new samesite cookie policies

New in 4.0.5

• Fixed group assignment for SD customers

• Fixed possible open redirect vulnerability (minor severity) in logged out page template.
• Added documentation for WebSudo usage, check this knowledge base article for more information.
• This update includes the bugfix release of User Sync 1.5.4.

• Fixed possible open redirect vulnerability (minor severity) in logged out page template.
• Added documentation for WebSudo usage, check this knowledge base article for more information.
• This update includes the bugfix release of User Sync 1.5.4.

• Fixed possible path traversal vulnerability in SSO redirection.
• Added additional default non-SSO user agents for Microsoft Office.
• Fixed some minor user interface bugs in Jira 8.12.
• This update includes the bugfix release of User Sync 1.5.3.

• Fixed possible path traversal vulnerability in SSO redirection.
• Added additional default non-SSO user agents for Microsoft Office.
• Fixed some minor user interface bugs in Jira 8.12.
• This update includes the bugfix release of User Sync 1.5.3.

• Fixed possbile XXE vulnerability in a REST endpoint that is only accessible with SYSADMIN privileges.
• Updated AngularJS.
• This update includes the bugfix release of User Sync 1.5.2.

• Fixed possbile XXE vulnerability in a REST endpoint that is only accessible with SYSADMIN privileges.
• Updated AngularJS.
• This update includes the bugfix release of User Sync 1.5.2.

• Fixed a bug in WebSudo via SAML when the host application is running under a context path.

• Fixed a bug in WebSudo via SAML when the host application is running under a context path.

• Administrators logged in via SAML can now re-authenticate at the SAML IdP to start a WebSudo session.
• Provides an API allowing other plugins to use SAML for additional authentication (e.g. for approval processes).
• Allows using a separate response URL for Single Logout responses.
• This update includes the bugfix release of User Sync 1.5.1.

• Administrators logged in via SAML can now re-authenticate at the SAML IdP to start a WebSudo session.
• Provides an API allowing other plugins to use SAML for additional authentication (e.g. for approval processes).
• Allows using a separate response URL for Single Logout responses.
• This update includes the bugfix release of User Sync 1.5.1.

• Administrators logged in via SAML can now re-authenticate at the SAML IdP to start a WebSudo session.

• Provides an API allowing other plugins to use SAML for additional authentication (e.g. for approval processes).
• Allows using a separate response URL for Single Logout responses.
• This update includes the bugfix release of User Sync 1.5.1.

• Administrators logged in via SAML can now re-authenticate at the SAML IdP to start a WebSudo session.
• Provides an API allowing other plugins to use SAML for additional authentication (e.g. for approval processes).
• Allows using a separate response URL for Single Logout responses.
• This update includes the bugfix release of User Sync 1.5.1.

• This update includes the bugfix release of User Sync 1.5.0.

• The error page does no longer contain a stacktrace.

• This update includes the bugfix release of User Sync 1.5.0.

• The error page does no longer contain a stacktrace.

• This update includes the bugfix release of User Sync 1.4.4.
• Fixed possible vulnerability when redirecting to malicious URLs without protocol part.
• Fixed bug where login was not possible when the Issuer is only present in the assertion.
• Fixed NullPointerException when accessing Service Desk logout URL when not logged in.

• This update includes the bugfix release of User Sync 1.4.4.
• Fixed possible vulnerability when redirecting to malicious URLs without protocol part.
• Fixed bug where login was not possible when the Issuer is only present in the assertion.
• Fixed NullPointerException when accessing Service Desk logout URL when not logged in.

This update includes the bugfix release of User Sync 1.4.3.

This update includes the bugfix release of User Sync 1.4.3.

• This update includes the bugfix release of User Sync 1.4.1.

• Added: option to rename users during login when using EMAIL oder ADDITIONALID as authentication attribute. This is optional and needs to be explicitly enabled in the section "User Creation and Update from SAML Attributes".
• Fixed: redirection to Jira mobile view after Sign on.

• This update includes the bugfix release of User Sync 1.4.1.

• Added: option to rename users during login when using EMAIL oder ADDITIONALID as authentication attribute. This is optional and needs to be explicitly enabled in the section "User Creation and Update from SAML Attributes".
• Fixed: redirection to Jira mobile view after Sign on.

• This update includes User Sync 1.4.0.
• Fixed Sign On issues when clicking links from Microsoft Office applications.
• Fixed problem with IdP selection when multiple Atlassian applications are running on the same host.
• Fixed redirection to specific Jira dashboards after Sign On.

• This update includes User Sync 1.4.0.
• Fixed Sign On issues when clicking links from Microsoft Office applications.
• Fixed problem with IdP selection when multiple Atlassian applications are running on the same host.
• Fixed redirection to specific Jira dashboards after Sign On.

This update includes the bugfix release of User Sync 1.3.1.

This update includes the bugfix release of User Sync 1.3.1.

• Fixed login error related to signing when using Redirect binding.
• Fixed redirection to requested page after login.
• LogoutRequest on IdP initiated Single Logout is now added to authentication tracker.
• Fixed UI bugs in Jira 8.4.

• Fixed login error related to signing when using Redirect binding.
• Fixed redirection to requested page after login.
• LogoutRequest on IdP initiated Single Logout is now added to authentication tracker.
• Fixed UI bugs in Jira 8.4.

• This update includes User Sync 1.3.0, which brings the new OneLogin connector, improved G Suite sync and bug fixes.
• Added authentication by additional ID.
• Fixed regular expression matching for IdP selection by request header.
• Fixed possible Host Header Injection vulnerability in SSO redirection.
• Fixed bug where the session cookie was not properly cleared on logout.
• Fixed bug where URLs were truncated during SSO when they contained special characters.
• Fixed bug where log message of a Jira component were printed to Confluence and Bitbucket logs.

For more information please visit our wiki.

• This update includes User Sync 1.3.0, which brings the new OneLogin connector, improved G Suite sync and bug fixes.
• Added authentication by additional ID.
• Fixed regular expression matching for IdP selection by request header.
• Fixed possible Host Header Injection vulnerability in SSO redirection.
• Fixed bug where the session cookie was not properly cleared on logout.
• Fixed bug where URLs were truncated during SSO when they contained special characters.
• Fixed bug where log message of a Jira component were printed to Confluence and Bitbucket logs.

For more information please visit our wiki.

• This update includes User Sync 1.2.1 which fixes a bug related to retrieving and updating OAuth tokens in the Azure AD and GSuite connector.

• This update includes User Sync 1.2.1 which fixes a bug related to retrieving and updating OAuth tokens in the Azure AD and GSuite connector.

This version contains smaller improvements and bug fixes. It's a minor version change to be aligned with the Bitbucket-version which now also contains UserSync

• Fixed wizard to allow importing JSON-files
• Fixed plugin login shown after installation The IdP certificate's validity dates are checked now and there is an option to deny the login if the certificate is no longer valid
• Disabled users are not activated during the update if "Reactivate inactive users" is not checked
• added /secure/johnson/events/dismiss to the non-SSO-URLs

This version contains smaller improvements and bug fixes. It's a minor version change to be aligned with the Bitbucket-version which now also contains UserSync

• Fixed wizard to allow importing JSON-files
• Fixed plugin login shown after installation The IdP certificate's validity dates are checked now and there is an option to deny the login if the certificate is no longer valid
• Disabled users are not activated during the update if "Reactivate inactive users" is not checked
• added /secure/johnson/events/dismiss to the non-SSO-URLs

• Added periodically refresh and update of metadata from an URL.
• Added option to request protocol binding of SAML response.
• Improved logging for support.
• Fixed Non-SSO URLs for Application Links.
• Changed internal format of the configuration from XML to JSON, please see our release notes for more information.
• Includes UserSync 1.1.8, see UserSync 1.1.x release notes.

• Added periodically refresh and update of metadata from an URL.
• Added option to request protocol binding of SAML response.
• Improved logging for support.
• Fixed Non-SSO URLs for Application Links.
• Changed internal format of the configuration from XML to JSON, please see our release notes for more information.
• Includes UserSync 1.1.8, see UserSync 1.1.x release notes.

• Includes UserSync 1.1.6
  • Better error logging.
  • Fixed a bug when combining attributes.
  • Disable users connector: fixed a bug where newly created users were disabled.
• Added support for OpenAM.
• Added support for NameID format X509SubjectName.
• Fixed Single Logout for Azure AD.
• Fixed combining of attributes when using email as authentication attribute.
• Fixed several Single Logout problems for Service Desk customers.
• Fixed a problem with Non-SSO URLs for Service Desk.

• Includes UserSync 1.1.6:
  • Better error logging.
  • Fixed a bug when combining attributes.
  • Disable users connector: fixed a bug where newly created users were disabled.
• Added support for OpenAM.
• Added support for NameID format X509SubjectName.
• Fixed Single Logout for Azure AD.
• Fixed combining of attributes when using email as authentication attribute.
• Fixed several Single Logout problems for Service Desk customers.
• Fixed a problem with Non-SSO URLs for Service Desk.

• Includes UserSync 1.1.4, see UserSync 1.1.x release notes
• Single Logout is now considered as stable and no longer experimental.
• Added option to define the AuthenticationContext in the SAML request.
• Set caching headers to fix problems in environments with reverse proxies.
• Improved logging and validation.

Check also our release notes.

• Includes UserSync 1.1.4, see UserSync 1.1.x release notes
• Single Logout is now considered as stable and no longer experimental.
• Added option to define the AuthenticationContext in the SAML request.
• Set caching headers to fix problems in environments with reverse proxies.
• Improved logging and validation.

Check also our release notes.

• Fixes group assigment for users in read only LDAP directories with local groups when using Just In Time Provisioning.

• Fixes a bug in the migration of connectors when upgrading from 3.0.x.
• Azure: added onPremiseSamAccountName to the list of available connector attributes.

• Fixes group assigment for users in read only LDAP directories with local groups when using Just In Time Provisioning.

• Fixes a bug in the migration of connectors when upgrading from 3.0.x.
• Azure: added onPremiseSamAccountName to the list of available connector attributes.

• Fixed decrypting encrypted assertions in special cases.
• Fixed importing metadata on Windows installations.
• Fixed creating authentication trackers on IdP initiated sign on.

Please also see our release notes.

• Fixed decrypting encrypted assertions in special cases.
• Fixed importing metadata on Windows installations.
• Fixed creating authentication trackers on IdP initiated sign on.

Please also see our release notes.

This is the first release of SAML Single Sign On including User Sync for Data Center. User Sync has automatic user directory synchronization with cloud providers and customer specific directories. It includes powerful user/group filtering and transformation, see the documentation for more details.

Please also note our release notes.

• Updated opensaml3 library to version 3.4.0.
• Fixed "skip untransformed groups".
• Fixed failing nosso login for SD Customer Portal after the user has entered wrong credentials.
• Fixed encoding for links in emails to the SD Customer Portal.
• Fixed transforming of organizations via regular expressions.

Please also note our release notes.

• Several bugfixes for User Sync, see the User Sync 1.0.1 release notes for more details.
• Improved UI/UX in System & Support section. It's now easier to create and export authentication trackers.
• Fixed reading of userid attribute during authentication by email address.
• Fixed a bug where the user creation could be enabled even though the user update was disabled.

• Improved UI/UX in System & Support section. It's now easier to create and export authentication trackers.
• Fixed reading of userid attribute during authentication by email address.
• Fixed a bug where the user creation could be enabled even though the user update was disabled.

User Sync has automatic user directory synchronization with cloud providers and customer specific directories.

• It includes powerful user/group filtering and transformation, see the documentation for more details.

Please also note our release notes.

• Added support for "Deny Password Authenticator", see here.
• Handle long relay states differently to avoid misleading errors in log.
• Fixed redirection to invalid URLs to avoid misleading errors in log.
• Fixed bug during user creation if no users with Jira administrators permission are available in system.

• Added support for "Deny Password Authenticator", see here.
• Handle long relay states differently to avoid misleading errors in log.
• Fixed redirection to invalid URLs to avoid misleading errors in log.
• Fixed bug during user creation if no users with Jira administrators permission are available in system.

• Added REST endpoint to reset the Entity ID.
• It's now possible to disable the automatic activation of inactive users during login.
• Force SSO URLs are now respecting the Non-SSO URLs.
• Fixed the selection of the authentication attribute in the wizard.
• Changed log levels in several cases to make the default logging less verbose.
• Fixed duplicate error messages on error page.

See also our release notes.

• Added REST endpoint to reset the Entity ID.
• It's now possible to disable the automatic activation of inactive users during login.
• Force SSO URLs are now respecting the Non-SSO URLs.
• Fixed the selection of the authentication attribute in the wizard.
• Changed log levels in several cases to make the default logging less verbose.
• Fixed duplicate error messages on error page.

See also our release notes.

Improved compatibility with Data Center.

See also our release notes.

• Fixed: inactive users can now be activated and updated in the same login.
• Fixed: after logout the user interface now shows the right UI elements.
• Fixed: the user will no longer be redirected to the logout page after logging in again.
• Fixed IdP selection cookie for Internet Explorer 11.
• Fixed: creation and assignment of organizations.

See also our release notes.

• The userid can now composed from multiple attributes.
• "Update users from remote directories" is now disabled by default in new installations. Existing configurations are not affected by this change.
• Fixed server error when wrong Post Binding URL is configured.
• Fixed server error when "Find user by email" is activated and multiple users with the same email address were found during login.
• Non-SSO URLs are now working in Jira Service Desk

See also our release notes.

• Fixed failing login with usernames containing whitespaces.

• New feature: Regex transformation for users and groups.
• New feature: Authentication tracker change notifications via email.
• Fixed: Force SSO URLs and Non SSO URLs now handle the HTTP parameters correctly.

See also our release notes.

• Support for aggregated metadata. Metadata from multiple IdPs can now be imported in a single step.
• Support for multiple base urls.
• Fixed migration from older configuration versions. Single Logout is now disabled by default and needs to be enabled explicitly.
• Fixed a bug that could throw a system error on logout.
• Clarified the log message for signature verification.
• Service Desk customers can now be assigned to organizations.
• Fixed redirection bug for links in emails coming from Service Desk.

• Single Logout (experimental) Read more about this feature here. Under certain circumstances, it can happen that the parameter Logout Binding is set to POST or REDIRECT. It should be set to DISABLE by default. Please check this value for any configured IdP and set it to DISABLED unless you explicitly want to enable single logout.
• Find user by Email. Ability to match the UserID IdP attribute against email instead of username.
• Ability to disable the "nosso" login parameter. This is generally not recommended, but may be necessary for compliance reasons. If you can't access the config page afterwards, your can read in our documentation how to reenable the nosso login.
• Ability to disable user creation while keeping user update active.
• Fixed group assignment with mixed lowercase/uppercase group names.
• Fixed ArrayIndexOutOfBoundsException while creating RequestInfo JSON.
• Fixed error with MySQL that prevented trackers from cleanup.
• Fixed logout redirection in Service Desk Customer Portal.

• Added support for delegated directories in Crowd, this requires an additional Crowd add-on, see our knowledge base article.
• Added option to disable the remote directory lookup feature introduced in 2.0.5.
• Fixed a bug that could cause performance issues in large instances during the periodical cleanup of response IDs.
• The cookie ‘selectedidp’, saving which IdP the user selected last time, is now marked as secure over HTTPS connections. Best-practice improvement.

• Fixed a bug that could prevent the add-on from starting up due to a invalid configuration if you update from add-on version 0.13.x or older.

• Fixed a bug that could cause performance issues in large instances during the periodical cleanup of authentication trackers.

Changes in 2.0.8:

• Fixed a bug that could trigger a logout redirection while executing a REST requests.
• Fixed RememberMe cookie.
• Fixed bug in group assignment for newly created users.

• Re-enabled compatibility for JIRA 7.0.4 (see https://wiki.resolution.de/go/ssso/updateRemoteDirectory)
• Fixed potential XSS vulnerability with pass-through parameter names

• Fixed redirection to a specific dashboard after login.

Fixes and improvements in 2.0.5:

• Improved security: Assertion IDs are now persistently stored for a defined amount of time.
• Improved export of SupportInformation for a better troubleshooting experience.
• Fixed compatibility issues with Oracle and Microsoft SQL Server.
• Fixed performance issue on admin page with large amount of groups in system.
• Fixed several issues with connected LDAP and Crowd directories.
• SSO now works with new users from delegated authentication directories.

See also our wiki.

Fixes and improvements in 2.0.3:

• Fixed potential XSS vulnerability with pass-through parameters
• Metadata creation now works directly after install
• Authentication Trackers now contain source IP address and request headers
• Easier access to SAML Service Provider details
• Improved configuration wizard, now containing Okta and OneLogin
• Fixed minor frontend issues
• Improved error messages if users are not synced from remote directory yet

Notes from 2.0.0:

Upgrade consideration

We have done very significant Frontend changes in this version, which you will surely appreciate once you get to use it. We also have done an unprecedented amount of Testing/QA. Nevertheless, please make sure you don't do this upgrade lightly & take appropriate testing steps in your environment. If you're using a Datacenter product, please also consider this note on upgrading your installation.

See also our wiki.

Fixes in 2.0.2:

• Fixed handling of URLs containing hyphens. This could also lead to non-working hyperlinks from external applications.
• IdP Selection by Request Header: Fixed matching of empty request header values. Clarified configuration in help text.
• Several small bugfixes in the user interface.

Notes from 2.0.0:

Upgrade consideration

We have done very significant Frontend changes in this version, which you will surely appreciate once you get to use it. We also have done an unprecedented amount of Testing/QA. Nevertheless, please make sure you don't do this upgrade lightly & take appropriate testing steps in your environment. If you're using a Datacenter product, please also consider this note on upgrading your installation.

• Reworked User Interface with IdP Setup Wizard
• Easier Troubleshooting with Authentication Process Tracking
• Set earliest supported version to Jira 7.0.4
• ... more

see also our wiki.

Fixes in 2.0.1:

• Tracker-parameter is no longer passed through to the IdP
• Fixed Exceptions "bundle has been uninstalled" found in the log intermittent after disabling and re-enabling the app
• Fixed tracker getting lost if no relay state comes from the IdP
• Fixed migrating empty useridTransformationRegex when updating from older version

Notes from 2.0.0:

Upgrade consideration

We have done very significant Frontend changes in this version, which you will surely appreciate once you get to use it. We also have done an unprecedented amount of Testing/QA. Nevertheless, please make sure you don't do this upgrade lightly & take appropriate testing steps in your environment. If you're using a Datacenter product, please also consider this note on upgrading your installation.

• Reworked User Interface with IdP Setup Wizard
• Easier Troubleshooting with Authentication Process Tracking
• Set earliest supported version to Jira 7.0.4
• ... more

see also our wiki.

Upgrade consideration

We have done very significant Frontend changes in this version, which you will surely appreciate once you get to use it. We also have done an unprecedented amount of Testing/QA. Nevertheless, please make sure you don't do this upgrade lightly & take appropriate testing steps in your environment. If you're using a Datacenter product, please also consider this note on upgrading your installation.

• Reworked User Interface with IdP Setup Wizard
• Easier Troubleshooting with Authentication Process Tracking
• Arbitrary number of certificates can be configured per IdP
• Organization and Contacts in SAML Metadata
• REST-endpoint for enabling/disabling redirection to IdP
• Enhanced IdP selection
• Entity ID is now editable
• Custom Logged Out URL only for SSO Users
• IdP-Id is now immutable, default IdP is specified by a new parameter weight
• Set earliest supported version to Jira 7.0.4

see also our wiki.

Fixed wrong configuration page error message for Jira 7.4.3: There has been a failure while loading the page. None of this tabs will be loaded.

• IdP-signature was not recognized when using REDIRECT-binding
• Messages intended for TRACE-level were shown with DEBUG-logging enabled
• Improved error messages when IdP-metadata is invalid
• ProtocolBinding-tag can be omitted in authentication request
• Fixed intermittent authentication-dialogs in mobile view

This version has limitations for the Customer Portal when using Jira 6 with the Service Desk Plugin. See https://wiki.resolution.de/x/wwPKBQ.

New features

• Added possibility to redirect to the login page if a Request Header is present
• Encryption/Signing-Certificates can be included in the SP metadata by adding the parameter signing or encryption to the Metadata URL (.../plugins/servlet/samlsso/metadata?signing&encryption)

Bug fixes and enhancements

• Fixed issues when clicking links in MS Office documents
• Fixed an issue that users from LDAP directories were not assigned to groups from directory "Default group membership" during first login
• Fixed an issue that the Base URL check failed with a message like "abc.com does not start with abc.com/"
• Hided SAML Single Sign On Administration Link for non-system-administrators
• Added appropriate error message when accessing the configuration page without System Administrator-privileges
• Override logout URL now also works for the mobile view in Jira 7

This version has limitations for the Customer Portal when using Jira 6 with the Service Desk Plugin. See https://wiki.resolution.de/x/wwPKBQ for more details!

• Service Desk Customer authentication no longer requires installing a custom Authenticator class
• Support for signing SAML-requests
• Support for encrypted SAML-responses
• IdP can now be selected by request header values
• Support for SAML Redirect-Binding
• Option to include NameID Format in SAML Request

• Changing the Jira base-URL is reflected in the Plugin's URLs immediately
• Fixed 404-errors when redirecting to /secure/Dashboard.jspa
• Configuration is stored per version- downgrading the Plugin reactivates the old configuration
• Enhanced RelayState-validation to avoid open redirects
• The REST-endpoint for loading IdP metadata now requires administrator privileges
• Minor configuration page improvements

Structural changes

• Updated to OpenSAML 3.3.0
• The Plugin has been refactored into two plugins delivered as a OBR-package.

This version fixes a vulnerability allowing SAML response content to be modified by inserting XML comments.

see http://wiki.resolution.de/doc/saml-sso/latest/all/security-advisories/2018-03-01-values-in-saml-response-can-be-shortened