List of REST APIs available to configure SSO on Confluence Data Center
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Confluence Data Center is bundled with the SSO for Atlassian Server and Data Center App (Atlassian SSO App), with which administrators can configure SSO authentication using SAML 2.0 or OIDC with the preferred Identity Provider (IdP) supporting these standards.
Check SAML single sign-on for Atlassian Data Center applications for further details about the Atlassian SSO App.
This App has some private REST APIs to allow checking and editing of its configuration. This document highlights these APIs and provides examples of usage.
Being private APIs means they may change without necessarily following the Atlassian REST API policy.
Environment
Confluence Data Center 7.13.0
Although this document references Confluence, it may be used by administrators of Jira and Bitbucket when configuring SSO.
SSO for Atlassian Data Center 4.2.5
These methods were made available since App version 4.2.0.
Solution
GET /rest/authconfig/1.0/login-options
Show all enabled authentication options.
Example
1
2
3
4
5
6
7
CONFLUENCE_PAT='My+PAT'
CONFLUENCE_BASE_URL=https://confluence.pawtucketbrewery.com
curl -s -X GET \
-H "Authorization: Bearer ${CONFLUENCE_PAT}" \
-H 'Accept: application/json' \
${CONFLUENCE_BASE_URL}'/rest/authconfig/1.0/login-options'Example response
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
{
"results": [
{
"type": "LOGIN_FORM",
"id": 0
},
{
"type": "IDP",
"id": 1,
"button-text": "Log in with IdP 1",
"login-link": "https://confluence.pawtucketbrewery.com/plugins/servlet/external-login/1"
},
{
"type": "IDP",
"id": 2,
"button-text": "Log in with another IdP",
"login-link": "https://confluence.pawtucketbrewery.com/plugins/servlet/external-login/2"
}
],
"size": 3,
"start": 0,
"limit": -1,
"isLastPage": true
}GET /rest/authconfig/1.0/idps
Get detailed configuration from all IdPs.
Example
1
2
3
4
5
6
7
CONFLUENCE_PAT='My+PAT'
CONFLUENCE_BASE_URL=https://confluence.pawtucketbrewery.com
curl -s -X GET \
-H "Authorization: Bearer ${CONFLUENCE_PAT}" \
-H 'Accept: application/json' \
${CONFLUENCE_BASE_URL}'/rest/authconfig/1.0/idps'Example response
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
{
"results": [
{
"id": 1,
"name": "SAML SSO",
"enabled": true,
"certificate": "MI(...)AHM",
"sso-type": "SAML",
"include-customer-logins": false,
"enable-remember-me": true,
"last-updated": "2021-09-20T13:12:05.075-03:00",
"jit-configuration": {
"user-provisioning-enabled": false,
"mapping-display-name": "",
"mapping-email": "",
"mapping-groups": "",
"additional-openid-scopes": []
},
"button-text": "Log in with IdP 1",
"idp-type": "GENERIC",
"sso-url": "https://my.idp.com/27011985/sso/saml",
"sso-issuer": "https://my.idp.com/27011985",
"username-attribute": "${NameID}"
},
{
"id": 2,
"name": "Another SAML SSO",
"enabled": true,
"certificate": "MI(...)TM",
"sso-type": "SAML",
"include-customer-logins": false,
"enable-remember-me": true,
"last-updated": "2021-09-22T11:57:07.392-03:00",
"jit-configuration": {
"user-provisioning-enabled": false,
"mapping-display-name": "",
"mapping-email": "",
"mapping-groups": "",
"additional-openid-scopes": []
},
"button-text": "Log in with another IdP",
"idp-type": "GENERIC",
"sso-url": "https://another.idp.com/12062019/sso/saml",
"sso-issuer": "https://another.idp.com/12062019",
"username-attribute": "${NameID}"
}
],
"size": 2,
"start": 0,
"limit": 50,
"isLastPage": true
}POST /rest/authconfig/1.0/idps
Create a new configuration for an IdP.
Example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
CONFLUENCE_PAT='My+PAT'
CONFLUENCE_BASE_URL=https://confluence.pawtucketbrewery.com
curl -s -X POST \
-H "Authorization: Bearer ${CONFLUENCE_PAT}" \
-H 'content-type: application/json' \
-H 'Accept: application/json' \
${CONFLUENCE_BASE_URL}'/rest/authconfig/1.0/idps' \
-d '{
"name": "New SAML SSO",
"enabled": true,
"certificate": "(...)",
"sso-type": "SAML",
"enable-remember-me": true,
"button-text": "Log in with the new IdP",
"idp-type": "GENERIC",
"sso-url": "https://new.idp.com/12062019/sso/saml",
"sso-issuer": "https://new.idp.com/12062019",
"username-attribute": "${NameID}",
"jit-configuration": {
"user-provisioning-enabled": false
}
}'Example response
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
{
"id": 3,
"name": "New SAML SSO",
"enabled": true,
"certificate": "(...)",
"sso-type": "SAML",
"include-customer-logins": false,
"enable-remember-me": true,
"last-updated": "2021-09-22T20:33:07.55-03:00",
"jit-configuration": {
"user-provisioning-enabled": false,
"mapping-display-name": "",
"mapping-email": "",
"mapping-groups": "",
"additional-openid-scopes": []
},
"button-text": "Log in with the new IdP",
"idp-type": "GENERIC",
"sso-url": "https://new.idp.com/12062019/sso/saml",
"sso-issuer": "https://new.idp.com/12062019",
"username-attribute": "${NameID}"
}GET /rest/authconfig/1.0/idps/{id}
Get the configuration of an IdP.
Example
1
2
3
4
5
6
7
8
CONFLUENCE_PAT='My+PAT'
CONFLUENCE_BASE_URL=https://confluence.pawtucketbrewery.com
CONFLUENCE_SSO_IDP_ID=1
curl -s -X GET \
-H "Authorization: Bearer ${CONFLUENCE_PAT}" \
-H 'Accept: application/json' \
${CONFLUENCE_BASE_URL}'/rest/authconfig/1.0/idps/'${CONFLUENCE_SSO_IDP_ID}Example response
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
{
"id": 1,
"name": "SAML SSO",
"enabled": true,
"certificate": "MI(...)eZ",
"sso-type": "SAML",
"include-customer-logins": false,
"enable-remember-me": true,
"last-updated": "2021-09-20T13:12:05.075-03:00",
"jit-configuration": {
"user-provisioning-enabled": false,
"mapping-display-name": "",
"mapping-email": "",
"mapping-groups": "",
"additional-openid-scopes": []
},
"button-text": "Log in with IdP 1",
"idp-type": "GENERIC",
"sso-url": "https://my.idp.com/27011985/sso/saml",
"sso-issuer": "https://my.idp.com/27011985",
"username-attribute": "${NameID}"
}PATCH /rest/authconfig/1.0/idps/{id}
Change one or more attributes in the configuration of an IdP.
Example
1
2
3
4
5
6
7
8
9
10
11
12
13
CONFLUENCE_PAT='My+PAT'
CONFLUENCE_BASE_URL=https://confluence.pawtucketbrewery.com
CONFLUENCE_SSO_IDP_ID=1
curl -s -X PATCH \
-H "Authorization: Bearer ${CONFLUENCE_PAT}" \
-H 'content-type: application/json' \
-H 'Accept: application/json' \
${CONFLUENCE_BASE_URL}'/rest/authconfig/1.0/idps/'${CONFLUENCE_SSO_IDP_ID} \
-d '{
"enable-remember-me": false,
"button-text": "Log in with patched IdP"
}'Example response
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
{
"id": 1,
"name": "SAML SSO",
"enabled": true,
"certificate": "MI(...)eZ",
"sso-type": "SAML",
"include-customer-logins": false,
"enable-remember-me": false,
"last-updated": "2021-09-22T22:15:24.599-03:00",
"jit-configuration": {
"user-provisioning-enabled": false,
"mapping-display-name": "",
"mapping-email": "",
"mapping-groups": "",
"additional-openid-scopes": []
},
"button-text": "Log in with patched IdP",
"idp-type": "GENERIC",
"sso-url": "https://my.idp.com/27011985/sso/saml",
"sso-issuer": "https://my.idp.com/27011985",
"username-attribute": "${NameID}"
}DELETE /rest/authconfig/1.0/idps/{id}
Delete one or more attributes in the configuration of an IdP.
Example
1
2
3
4
5
6
7
CONFLUENCE_PAT='My+PAT'
CONFLUENCE_BASE_URL=https://confluence.pawtucketbrewery.com
CONFLUENCE_SSO_IDP_ID=1
curl -s -X DELETE \
-H "Authorization: Bearer ${CONFLUENCE_PAT}" \
${CONFLUENCE_BASE_URL}'/rest/authconfig/1.0/idps/'${CONFLUENCE_SSO_IDP_ID}See Also
Was this helpful?