Mission statement

We at codecentric are software developers and consultants. As we use Keycloak as our primary authentication tool, it was obvious to integrate Jira and Confluence authentication with Keycloak Single-Sign-On as well.

The existing plugins on the marketplace did not cover our needs, so our great team has decided to build our own plugins, based on the OpenID Connect protocol.

Key features

• Single-Sign-On via any OpenID Connect provider

• Mandatory or optional SSO, i.e. users can choose to use your SSO provider or Confluence/Jira local login

• Single-Sign-Out

• OpenID Connect client verification (confidential client access)

• OpenID Connect server signature verification (RSA-512 key verification)

• Support for group synchronization with Keycloak (the Jira, Confluence and Bitbucket groups can be set according to Keycloak role mappings)

• Support for the creation of new users with Keycloak (new users can be created locally in Jira/Confluence/Bitbucket on first login)

Setup & Installation

To set up the plugin you have to create a client in the OpenID Connect provider and configure the plugin to connect to the provider. For how to set up Keycloak see OpenID Connect Client Creation in Keycloak and Setup & Configuration, respectively. To use the advanced group synchronization and user creation features see User Creation & Group Management. For common problems and their solutions see Troubleshooting.

Other OpenID Connect provider may be used, too. For how to set up the plugin with Microsoft Azure see here. Instructions on how to use the plugin with the Google Identity Platform see here.

Quick Navigation

Useful Links